diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml index 2a70cb4c2..a353be3f0 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml @@ -8566,6 +8566,11 @@ spec: description: "Current state of PostgreSQL instances." items: properties: + desiredPGDataVolume: + additionalProperties: + type: "string" + description: "Desired Size of the pgData volume" + type: "object" name: type: "string" readyReplicas: diff --git a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml index b40796836..b390067fc 100644 --- a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml +++ b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml @@ -911,6 +911,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2779,6 +2781,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: diff --git a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml index 711ea714e..9386b5f8f 100644 --- a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml +++ b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml @@ -897,6 +897,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2765,6 +2767,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: diff --git a/crd-catalog/Hyperfoil/hyperfoil-operator/hyperfoil.io/v1alpha2/hyperfoils.yaml b/crd-catalog/Hyperfoil/hyperfoil-operator/hyperfoil.io/v1alpha2/hyperfoils.yaml index 23af95c70..92d079bc6 100644 --- a/crd-catalog/Hyperfoil/hyperfoil-operator/hyperfoil.io/v1alpha2/hyperfoils.yaml +++ b/crd-catalog/Hyperfoil/hyperfoil-operator/hyperfoil.io/v1alpha2/hyperfoils.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.11.3" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "hyperfoils.hyperfoil.io" spec: group: "hyperfoil.io" @@ -37,15 +37,15 @@ spec: description: "Hyperfoil is the Schema for the hyperfoils API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "HyperfoilSpec Configures Hyperfoil Controller and related resources." + description: "HyperfoilSpec defines the desired state of Hyperfoil.It Configures Hyperfoil Controller and related resources." properties: additionalArgs: description: "AdditionalArgs specifies additional arguments to pass to the Hyperfoil controller." @@ -95,15 +95,15 @@ spec: type: "string" type: "object" secretEnvVars: - description: "List of secrets in this namespace; each entry from those secrets will be mapped as environment variable, using the key as variable name." + description: "List of secrets in this namespace; each entry from those secrets will be mapped\nas environment variable, using the key as variable name." items: type: "string" type: "array" serviceType: - description: "Type of the service being exposed. By default this is ClusterIP if Openshift Route resource is available (the route will target this service). If Openshift Routes are not available (on vanilla Kubernetes) the default is NodePort." + description: "Type of the service being exposed. By default this is ClusterIP if Openshift Route resource is available (the route will target this service).\nIf Openshift Routes are not available (on vanilla Kubernetes) the default is NodePort." type: "string" triggerUrl: - description: "If this is set the controller does not start benchmark run right away after hitting /benchmark/my-benchmark/start ; instead it responds with status 301 and header Location set to concatenation of this string and 'BENCHMARK=my-benchmark&RUN_ID=xxxx'. CLI interprets that response as a request to hit CI instance on this URL, assuming that CI will trigger a new job that will eventually call /benchmark/my-benchmark/start?runId=xxxx with header 'x-trigger-job'. This is useful if the the CI has to synchronize Hyperfoil to other benchmarks that don't use this controller instance." + description: "If this is set the controller does not start benchmark run right away after hitting\n/benchmark/my-benchmark/start ; instead it responds with status 301 and header Location\nset to concatenation of this string and 'BENCHMARK=my-benchmark&RUN_ID=xxxx'.\nCLI interprets that response as a request to hit CI instance on this URL, assuming that\nCI will trigger a new job that will eventually call /benchmark/my-benchmark/start?runId=xxxx\nwith header 'x-trigger-job'. This is useful if the the CI has to synchronize Hyperfoil\nto other benchmarks that don't use this controller instance." type: "string" version: description: "Tag for controller image. Defaults to version matching the operator version." diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml index 60ebe12aa..2194371ba 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml @@ -837,7 +837,7 @@ spec: description: "OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs." type: "boolean" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoing to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" podDisruptionBudget: description: "PodDisruptionBudget created by operator" @@ -1430,7 +1430,7 @@ spec: description: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\n\nIf the match isn't set, then all the input time series are processed." x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: - description: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.\nBy default flushes are aligned to Interval." + description: "NoAlignFlushToInterval disables aligning of flushes to multiples of Interval.\nBy default flushes are aligned to Interval." type: "boolean" output_relabel_configs: description: "OutputRelabelConfigs is an optional relabeling rules, which are applied\non the aggregated output before being sent to remote storage." @@ -2470,7 +2470,7 @@ spec: format: "int32" type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefuleMode" + description: "Reason defines fail reason for update process, effective only for statefulMode" type: "string" replicas: description: "ReplicaCount Total number of pods targeted by this VMAgent" @@ -2488,7 +2488,7 @@ spec: format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefuleMode" + description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" type: "string" updatedReplicas: description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent\ncluster that have the desired version spec." diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagerconfigs.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagerconfigs.yaml index 37a7b013c..1d59af39a 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagerconfigs.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagerconfigs.yaml @@ -75,7 +75,7 @@ spec: description: "Location in golang time location form, e.g. UTC" type: "string" months: - description: "Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1.\nFor example, ['1:3', 'may:august', 'december']" + description: "Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1.\nFor example, ['1:3', 'may:august', 'december']" items: type: "string" type: "array" @@ -2135,7 +2135,7 @@ spec: description: "Location in golang time location form, e.g. UTC" type: "string" months: - description: "Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1.\nFor example, ['1:3', 'may:august', 'december']" + description: "Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1.\nFor example, ['1:3', 'may:august', 'december']" items: type: "string" type: "array" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml index 435281501..79efcc217 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml @@ -467,7 +467,7 @@ spec: description: "NodeSelector Define which Nodes the Pods are scheduled on." type: "object" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoint to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" podDisruptionBudget: description: "PodDisruptionBudget created by operator" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml index 51e9ae5d2..f5b79e194 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml @@ -780,7 +780,7 @@ spec: type: "object" type: "array" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoing to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" podDisruptionBudget: description: "PodDisruptionBudget created by operator" @@ -1453,7 +1453,7 @@ spec: format: "int32" type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefuleMode" + description: "Reason defines fail reason for update process, effective only for statefulMode" type: "string" replicas: description: "ReplicaCount Total number of non-terminated pods targeted by this VMAlert\ncluster (their labels match the selector)." @@ -1464,7 +1464,7 @@ spec: format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefuleMode" + description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" type: "string" updatedReplicas: description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert\ncluster that have the desired version spec." diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml index 7e3c73be4..c4d0666d8 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml @@ -373,7 +373,7 @@ spec: description: "NodeSelector Define which Nodes the Pods are scheduled on." type: "object" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoing to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" podDisruptionBudget: description: "PodDisruptionBudget created by operator" @@ -861,10 +861,10 @@ spec: description: "VMAuthStatus defines the observed state of VMAuth" properties: reason: - description: "Reason defines fail reason for update process, effective only for statefuleMode" + description: "Reason defines fail reason for update process, effective only for statefulMode" type: "string" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefuleMode" + description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" type: "string" type: "object" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml index c05332b6b..df1ca51db 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml @@ -87,7 +87,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoing to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" replicationFactor: description: "ReplicationFactor defines how many copies of data make among\ndistinct storage nodes" @@ -845,7 +845,7 @@ spec: description: "NodeSelector Define which Nodes the Pods are scheduled on." type: "object" persistentVolume: - description: "Storage - add persistent volume for cacheMounthPath\nits useful for persistent cache\nuse storage instead of persistentVolume." + description: "Storage - add persistent volume for cacheMountPath\nits useful for persistent cache\nuse storage instead of persistentVolume." properties: disableMountSubPath: description: "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary.\nDisableMountSubPath allows to remove any subPath usage in volume mounts." diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml index 500b5ddf2..33b67b73a 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml @@ -485,7 +485,7 @@ spec: type: "string" type: "object" vm_scrape_params: - description: "VMScrapeParams defines VictoriaMetrics specific scrape parametrs" + description: "VMScrapeParams defines VictoriaMetrics specific scrape parameters" properties: disable_compression: type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml index 755010f24..c0c4f07fe 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml @@ -489,7 +489,7 @@ spec: type: "string" type: "object" vm_scrape_params: - description: "VMScrapeParams defines VictoriaMetrics specific scrape parametrs" + description: "VMScrapeParams defines VictoriaMetrics specific scrape parameters" properties: disable_compression: type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml index e5239ca9c..64b6f15d2 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml @@ -519,7 +519,7 @@ spec: - "url" type: "object" vm_scrape_params: - description: "VMScrapeParams defines VictoriaMetrics specific scrape parametrs" + description: "VMScrapeParams defines VictoriaMetrics specific scrape parameters" properties: disable_compression: type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml index 456c7c1f3..5ade94c67 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml @@ -478,7 +478,7 @@ spec: type: "string" type: "object" vm_scrape_params: - description: "VMScrapeParams defines VictoriaMetrics specific scrape parametrs" + description: "VMScrapeParams defines VictoriaMetrics specific scrape parameters" properties: disable_compression: type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml index a0f258067..38f40302d 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml @@ -219,7 +219,7 @@ spec: description: "NodeSelector Define which Nodes the Pods are scheduled on." type: "object" paused: - description: "Paused If set to true all actions on the underlaying managed objects are not\ngoing to be performed, except for delete actions." + description: "Paused If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions." type: "boolean" podMetadata: description: "PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods." @@ -607,7 +607,7 @@ spec: description: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\n\nIf the match isn't set, then all the input time series are processed." x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: - description: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.\nBy default flushes are aligned to Interval." + description: "NoAlignFlushToInterval disables aligning of flushes to multiples of Interval.\nBy default flushes are aligned to Interval." type: "boolean" output_relabel_configs: description: "OutputRelabelConfigs is an optional relabeling rules, which are applied\non the aggregated output before being sent to remote storage." diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml index abb5b209d..55ef59e6a 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml @@ -473,7 +473,7 @@ spec: type: "string" type: "object" vm_scrape_params: - description: "VMScrapeParams defines VictoriaMetrics specific scrape parametrs" + description: "VMScrapeParams defines VictoriaMetrics specific scrape parameters" properties: disable_compression: type: "boolean" diff --git a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml index 0a2764e79..e6698a26f 100644 --- a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml +++ b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml @@ -1444,6 +1444,10 @@ spec: description: "Number of seconds to wait for a probe response from task pod" format: "int32" type: "integer" + task_manage_replicas: + default: true + description: "Enables operator control of replicas count for the task deployment when set to 'true'" + type: "boolean" task_node_selector: description: "nodeSelector for the task pods" type: "string" @@ -1925,6 +1929,10 @@ spec: description: "Number of seconds to wait for a probe response from web pod" format: "int32" type: "integer" + web_manage_replicas: + default: true + description: "Enables operator control of replicas count for the web deployment when set to 'true'" + type: "boolean" web_node_selector: description: "nodeSelector for the web pods" type: "string" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index 688964b7f..54c7bd3f4 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -193,6 +193,9 @@ spec: description: "ActiveDeadlineSeconds" format: "int64" type: "integer" + automountServiceAccountToken: + description: "AutomountServiceAccountToken" + type: "boolean" containers: description: "Containers" items: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index 635ab8a47..2ddd94d07 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -184,6 +184,9 @@ spec: description: "ActiveDeadlineSeconds" format: "int64" type: "integer" + automountServiceAccountToken: + description: "AutomountServiceAccountToken" + type: "boolean" containers: description: "Containers" items: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml index 5c159d675..f6a958735 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml @@ -186,6 +186,9 @@ spec: description: "ActiveDeadlineSeconds" format: "int64" type: "integer" + automountServiceAccountToken: + description: "AutomountServiceAccountToken" + type: "boolean" containers: description: "Containers" items: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml index bf7bc2863..fab7253ac 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml @@ -340,14 +340,6 @@ spec: maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." - type: "object" replicas: default: 1 description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." @@ -391,150 +383,706 @@ spec: description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" - volumeClaimTemplates: - description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." - items: - properties: - name: - description: "Refers to the name of a volumeMount defined in either: \n - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) \n The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." - type: "string" - spec: - description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. \n When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." - properties: - accessModes: - description: "Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." - items: - type: "string" - type: "array" - x-kubernetes-preserve-unknown-fields: true - resources: - description: "Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" type: "object" - type: "object" - x-kubernetes-preserve-unknown-fields: true - storageClassName: - description: "The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." - type: "string" - volumeMode: - description: "Defines what type of volume is required by the claim, either Block or Filesystem." - type: "string" - type: "object" - required: - - "name" - type: "object" - type: "array" - volumeMounts: - description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod." - items: - description: "VolumeMount describes a mounting of a Volume within a container." - properties: - mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." - type: "string" - mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." - type: "string" - name: - description: "This must match the Name of a Volume." - type: "string" - readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." - type: "boolean" - subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." - type: "string" - subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." - type: "string" - required: - - "mountPath" - - "name" - type: "object" - type: "array" - volumes: - description: "Defines Volumes to override. Add new or override existing volumes." - items: - description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." - properties: - awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." properties: - fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" - partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." - format: "int32" - type: "integer" - readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: "boolean" - volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" - required: - - "volumeID" - type: "object" - azureDisk: - description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." - properties: - cachingMode: + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." + items: + properties: + name: + description: "Refers to the name of a volumeMount defined in either: \n - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) \n The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." + type: "string" + spec: + description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. \n When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." + properties: + accessModes: + description: "Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." + items: + type: "string" + type: "array" + x-kubernetes-preserve-unknown-fields: true + resources: + description: "Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: "The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." + type: "string" + volumeMode: + description: "Defines what type of volume is required by the claim, either Block or Filesystem." + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must not contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" + volumes: + description: "Defines Volumes to override. Add new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: @@ -2259,6 +2807,66 @@ spec: - "Noop" type: "string" type: "object" + systemAccounts: + description: "Overrides system accounts defined in referenced ComponentDefinition." + items: + properties: + name: + description: "The name of the system account." + type: "string" + passwordConfig: + description: "Specifies the policy for generating the account's password. \n This field is immutable once set." + properties: + length: + default: 16 + description: "The length of the password." + format: "int32" + maximum: 32.0 + minimum: 8.0 + type: "integer" + letterCase: + default: "MixedCases" + description: "The case of the letters in the password." + enum: + - "LowerCases" + - "UpperCases" + - "MixedCases" + type: "string" + numDigits: + default: 4 + description: "The number of digits in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + numSymbols: + default: 0 + description: "The number of symbols in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + seed: + description: "Seed to generate the account's password. Cannot be updated." + type: "string" + type: "object" + secretRef: + description: "Refers to the secret from which data will be copied to create the new account. \n This field is immutable once set." + properties: + name: + description: "The unique identifier of the secret." + type: "string" + namespace: + description: "The namespace where the secret is located." + type: "string" + required: + - "name" + - "namespace" + type: "object" + required: + - "name" + type: "object" + type: "array" tls: description: "A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. When set to true, the Component will be configured to use TLS encryption for its network connections. This ensures that the data transmitted between the Component and its clients or other Components is encrypted and protected from unauthorized access. If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, to properly set up the secure communication channel." type: "boolean" @@ -3351,226 +3959,774 @@ spec: items: description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: - description: "Maps a string key to a path within a volume." + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "The name of the config." + type: "string" + type: "object" + type: "array" + disableExporter: + description: "Determines whether metrics exporter information is annotated on the Component's headless Service. \n If set to true, the following annotations will not be patched into the Service: \n - \"monitor.kubeblocks.io/path\" - \"monitor.kubeblocks.io/port\" - \"monitor.kubeblocks.io/scheme\" \n These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." + type: "boolean" + enabledLogs: + description: "Specifies which types of logs should be collected for the Component. The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. \n The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with names \"slow_query_log\" and \"error_log\", you can enable the collection of these logs by including their names in the `enabledLogs` array: ```yaml enabledLogs: - slow_query_log - error_log ```" + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + instances: + description: "Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: \n For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. \n InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. \n The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules." + items: + description: "InstanceTemplate allows customization of individual replica configurations in a Component." + properties: + annotations: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Specifies an override for the first container's image in the Pod." + type: "string" + labels: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." + type: "object" + name: + description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + replicas: + default: 1 + description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" key: - description: "key is the key to project." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" type: "integer" - path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" - required: - - "key" - - "path" type: "object" type: "array" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - name: - description: "The name of the config." - type: "string" - type: "object" - type: "array" - disableExporter: - description: "Determines whether metrics exporter information is annotated on the Component's headless Service. \n If set to true, the following annotations will not be patched into the Service: \n - \"monitor.kubeblocks.io/path\" - \"monitor.kubeblocks.io/port\" - \"monitor.kubeblocks.io/scheme\" \n These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." - type: "boolean" - enabledLogs: - description: "Specifies which types of logs should be collected for the Component. The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. \n The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with names \"slow_query_log\" and \"error_log\", you can enable the collection of these logs by including their names in the `enabledLogs` array: ```yaml enabledLogs: - slow_query_log - error_log ```" - items: - type: "string" - type: "array" - x-kubernetes-list-type: "set" - instances: - description: "Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: \n For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. \n InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. \n The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules." - items: - description: "InstanceTemplate allows customization of individual replica configurations in a Component." - properties: - annotations: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." - type: "object" - env: - description: "Defines Env to override. Add new or override existing envs." - items: - description: "EnvVar represents an environment variable present in a Container." - properties: - name: - description: "Name of the environment variable. Must be a C_IDENTIFIER." - type: "string" - value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." - type: "string" - valueFrom: - description: "Source for the environment variable's value. Cannot be used if value is not empty." + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: - configMapKeyRef: - description: "Selects a key of a ConfigMap." + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." properties: - key: - description: "The key to select." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - secretKeyRef: - description: "Selects a key of a secret in the pod's namespace" - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" x-kubernetes-map-type: "atomic" - type: "object" - required: - - "name" - type: "object" - type: "array" - image: - description: "Specifies an override for the first container's image in the Pod." - type: "string" - labels: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." - type: "object" - name: - description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." - type: "object" - replicas: - default: 1 - description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." - format: "int32" - minimum: 0.0 - type: "integer" - resources: - description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." type: "string" required: - - "name" + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" type: "object" type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" volumeClaimTemplates: description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." items: @@ -5416,6 +6572,66 @@ spec: - "Noop" type: "string" type: "object" + systemAccounts: + description: "Overrides system accounts defined in referenced ComponentDefinition." + items: + properties: + name: + description: "The name of the system account." + type: "string" + passwordConfig: + description: "Specifies the policy for generating the account's password. \n This field is immutable once set." + properties: + length: + default: 16 + description: "The length of the password." + format: "int32" + maximum: 32.0 + minimum: 8.0 + type: "integer" + letterCase: + default: "MixedCases" + description: "The case of the letters in the password." + enum: + - "LowerCases" + - "UpperCases" + - "MixedCases" + type: "string" + numDigits: + default: 4 + description: "The number of digits in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + numSymbols: + default: 0 + description: "The number of symbols in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + seed: + description: "Seed to generate the account's password. Cannot be updated." + type: "string" + type: "object" + secretRef: + description: "Refers to the secret from which data will be copied to create the new account. \n This field is immutable once set." + properties: + name: + description: "The unique identifier of the secret." + type: "string" + namespace: + description: "The namespace where the secret is located." + type: "string" + required: + - "name" + - "namespace" + type: "object" + required: + - "name" + type: "object" + type: "array" tls: description: "A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. When set to true, the Component will be configured to use TLS encryption for its network connections. This ensures that the data transmitted between the Component and its clients or other Components is encrypted and protected from unauthorized access. If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, to properly set up the secure communication channel." type: "boolean" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml index 48cdeff61..1ddb1e40f 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml @@ -245,14 +245,6 @@ spec: maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." - type: "object" replicas: default: 1 description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." @@ -296,29 +288,585 @@ spec: description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: type: "string" - type: "object" - type: "array" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" volumeClaimTemplates: description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." items: @@ -2231,6 +2779,66 @@ spec: - "name" type: "object" type: "array" + systemAccounts: + description: "Overrides system accounts defined in referenced ComponentDefinition." + items: + properties: + name: + description: "The name of the system account." + type: "string" + passwordConfig: + description: "Specifies the policy for generating the account's password. \n This field is immutable once set." + properties: + length: + default: 16 + description: "The length of the password." + format: "int32" + maximum: 32.0 + minimum: 8.0 + type: "integer" + letterCase: + default: "MixedCases" + description: "The case of the letters in the password." + enum: + - "LowerCases" + - "UpperCases" + - "MixedCases" + type: "string" + numDigits: + default: 4 + description: "The number of digits in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + numSymbols: + default: 0 + description: "The number of symbols in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + seed: + description: "Seed to generate the account's password. Cannot be updated." + type: "string" + type: "object" + secretRef: + description: "Refers to the secret from which data will be copied to create the new account. \n This field is immutable once set." + properties: + name: + description: "The unique identifier of the secret." + type: "string" + namespace: + description: "The namespace where the secret is located." + type: "string" + required: + - "name" + - "namespace" + type: "object" + required: + - "name" + type: "object" + type: "array" tlsConfig: description: "Specifies the TLS configuration for the Component, including: \n - A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. - An optional field that specifies the configuration for the TLS certificates issuer when TLS is enabled. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys." properties: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml index df19d0669..c493e7328 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml @@ -277,1272 +277,1887 @@ spec: - message: "forbidden to update spec.force" rule: "self == oldSelf" horizontalScaling: - description: "Lists HorizontalScaling objects, each specifying scaling requirements for a Component, including desired total replica counts, configurations for new instances, modifications for existing instances, and instance downscaling options." + description: "Lists HorizontalScaling objects, each specifying scaling requirements for a Component, including desired replica changes, configurations for new instances, modifications for existing instances, and take offline/online the specified instances." items: description: "HorizontalScaling defines the parameters of a horizontal scaling operation." properties: componentName: description: "Specifies the name of the Component." type: "string" - instances: - description: "Contains a list of InstanceTemplate objects. Each InstanceTemplate object allows for modifying replica counts or specifying configurations for new instances during scaling. \n The field supports two main use cases: \n - Modifying replica count: Specify the desired replica count for existing instances with a particular configuration using Name and Replicas fields. To modify the replica count, the Name and Replicas fields of the InstanceTemplate object should be provided. Only these fields are used for matching and adjusting replicas; other fields are ignored. The Replicas value overrides any existing count. - Configuring new instances: Define the configuration for new instances added during scaling, including resource requirements, labels, annotations, etc. New instances are created based on the provided InstanceTemplate." - items: - description: "InstanceTemplate allows customization of individual replica configurations in a Component." - properties: - annotations: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." - type: "object" - env: - description: "Defines Env to override. Add new or override existing envs." - items: - description: "EnvVar represents an environment variable present in a Container." - properties: - name: - description: "Name of the environment variable. Must be a C_IDENTIFIER." - type: "string" - value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." - type: "string" - valueFrom: - description: "Source for the environment variable's value. Cannot be used if value is not empty." - properties: - configMapKeyRef: - description: "Selects a key of a ConfigMap." - properties: - key: - description: "The key to select." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - secretKeyRef: - description: "Selects a key of a secret in the pod's namespace" - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - required: - - "name" - type: "object" - type: "array" - image: - description: "Specifies an override for the first container's image in the Pod." - type: "string" - labels: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." + replicas: + description: "Deprecated: since v0.9, use scaleOut and scaleIn instead. Specifies the number of replicas for the component. Cannot be used with \"scaleIn\" and \"scaleOut\"." + format: "int32" + minimum: 0.0 + type: "integer" + scaleIn: + description: "Specifies the replica changes for scaling in components and instance templates, and takes specified instances offline. Can be used in conjunction with the \"scaleOut\" operation. Note: Any configuration that creates instances is considered invalid." + properties: + instances: + description: "Modifies the desired replicas count for existing InstanceTemplate. if the inst" + items: + description: "InstanceReplicasTemplate defines the template for instance replicas." + properties: + name: + description: "Specifies the name of the instance template." + type: "string" + replicaChanges: + description: "Specifies the replica changes for the instance template." + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "name" + - "replicaChanges" type: "object" - name: - description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + onlineInstancesToOffline: + description: "Specifies the instance names that need to be taken offline." + items: type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." + type: "array" + replicaChanges: + description: "Specifies the replica changes for the component." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" + scaleOut: + description: "Specifies the replica changes for scaling out components and instance templates, and brings offline instances back online. Can be used in conjunction with the \"scaleIn\" operation. Note: Any configuration that deletes instances is considered invalid." + properties: + instances: + description: "Modifies the desired replicas count for existing InstanceTemplate. if the inst" + items: + description: "InstanceReplicasTemplate defines the template for instance replicas." + properties: + name: + description: "Specifies the name of the instance template." + type: "string" + replicaChanges: + description: "Specifies the replica changes for the instance template." + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "name" + - "replicaChanges" type: "object" - replicas: - default: 1 - description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." - format: "int32" - minimum: 0.0 - type: "integer" - resources: - description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + newInstances: + description: "Defines the configuration for new instances added during scaling, including resource requirements, labels, annotations, etc. New instances are created based on the provided instance templates." + items: + description: "InstanceTemplate allows customization of individual replica configurations in a Component." properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + annotations: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + description: "EnvVar represents an environment variable present in a Container." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" required: - "name" type: "object" type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: + image: + description: "Specifies an override for the first container's image in the Pod." + type: "string" + labels: additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" - type: "object" - type: "array" - volumeClaimTemplates: - description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." - items: - properties: - name: - description: "Refers to the name of a volumeMount defined in either: \n - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) \n The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." - type: "string" - spec: - description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. \n When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." - properties: - accessModes: - description: "Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." - items: - type: "string" - type: "array" - x-kubernetes-preserve-unknown-fields: true - resources: - description: "Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - x-kubernetes-preserve-unknown-fields: true - storageClassName: - description: "The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." - type: "string" - volumeMode: - description: "Defines what type of volume is required by the claim, either Block or Filesystem." - type: "string" - type: "object" - required: - - "name" - type: "object" - type: "array" - volumeMounts: - description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod." - items: - description: "VolumeMount describes a mounting of a Volume within a container." - properties: - mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." - type: "string" - mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." - type: "string" - name: - description: "This must match the Name of a Volume." - type: "string" - readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." - type: "boolean" - subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." - type: "string" - subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." - type: "string" - required: - - "mountPath" - - "name" - type: "object" - type: "array" - volumes: - description: "Defines Volumes to override. Add new or override existing volumes." - items: - description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." - properties: - awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." - format: "int32" - type: "integer" - readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: "boolean" - volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: "string" - required: - - "volumeID" - type: "object" - azureDisk: - description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." - properties: - cachingMode: - description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." - type: "string" - diskName: - description: "diskName is the Name of the data disk in the blob storage" - type: "string" - diskURI: - description: "diskURI is the URI of data disk in the blob storage" - type: "string" - fsType: - description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - kind: - description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" - type: "string" - readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - required: - - "diskName" - - "diskURI" - type: "object" - azureFile: - description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." - properties: - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - secretName: - description: "secretName is the name of secret that contains Azure Storage Account Name and Key" - type: "string" - shareName: - description: "shareName is the azure share Name" - type: "string" - required: - - "secretName" - - "shareName" - type: "object" - cephfs: - description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" - properties: - monitors: - description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: "string" - type: "array" - path: - description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" - type: "string" - readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: "boolean" - secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: "string" - secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - user: - description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: "string" - required: - - "monitors" - type: "object" - cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: "string" - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: "boolean" - secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - volumeID: - description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: "string" - required: - - "volumeID" - type: "object" - configMap: - description: "configMap represents a configMap that should populate this volume" - properties: - defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - csi: - description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." - properties: - driver: - description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." - type: "string" - fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." - type: "string" - nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." + type: "object" + name: + description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + replicas: + default: 1 + description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." type: "string" + required: + - "name" type: "object" - x-kubernetes-map-type: "atomic" - readOnly: - description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." - type: "boolean" - volumeAttributes: - additionalProperties: - type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." - type: "object" - required: - - "driver" - type: "object" - downwardAPI: - description: "downwardAPI represents downward API about the pod that should populate this volume" - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "Items is a list of downward API volume file" - items: - description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: "string" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - required: - - "path" - type: "object" - type: "array" - type: "object" - emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - type: "string" - sizeLimit: + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - type: "object" - ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - properties: - metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." - properties: - annotations: - additionalProperties: - type: "string" - type: "object" - finalizers: - items: - type: "string" - type: "array" - labels: - additionalProperties: - type: "string" - type: "object" - name: - type: "string" - namespace: - type: "string" - type: "object" - spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." - properties: - accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: "string" - type: "array" - dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." - properties: - apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." - type: "string" - kind: - description: "Kind is the type of resource being referenced" - type: "string" - name: - description: "Name is the name of resource being referenced" - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: - apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." - type: "string" - kind: - description: "Kind is the type of resource being referenced" - type: "string" - name: - description: "Name is the name of resource being referenced" - type: "string" - namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." - type: "string" + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" required: - - "kind" - - "name" + - "preference" + - "weight" type: "object" - resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" type: "object" - selector: - description: "selector is a label query over volumes to consider for binding." + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: type: "string" - operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" type: "object" - x-kubernetes-map-type: "atomic" - storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: "string" - volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." - type: "string" - volumeName: - description: "volumeName is the binding reference to the PersistentVolume backing this claim." - type: "string" - type: "object" - required: - - "spec" - type: "object" - type: "object" - fc: - description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." - properties: - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - lun: - description: "lun is Optional: FC target lun number" - format: "int32" - type: "integer" - readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - targetWWNs: - description: "targetWWNs is Optional: FC target worldwide names (WWNs)" - items: - type: "string" - type: "array" - wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." - items: - type: "string" - type: "array" - type: "object" - flexVolume: - description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." - properties: - driver: - description: "driver is the name of the driver to use for this volume." - type: "string" - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." - type: "string" - options: - additionalProperties: - type: "string" - description: "options is Optional: this field holds extra command options if any." - type: "object" - readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - required: - - "driver" - type: "object" - flocker: - description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" - properties: - datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" - type: "string" - datasetUUID: - description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" - type: "string" - type: "object" - gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - format: "int32" - type: "integer" - pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: "string" - readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: "boolean" - required: - - "pdName" - type: "object" - gitRepo: - description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." - properties: - directory: - description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." - type: "string" - repository: - description: "repository is the URL" - type: "string" - revision: - description: "revision is the commit hash for the specified revision." - type: "string" - required: - - "repository" - type: "object" - glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: "string" - path: - description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: "string" - readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: "boolean" - required: - - "endpoints" - - "path" - type: "object" - hostPath: - description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." - properties: - path: - description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: "string" - type: - description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: "string" - required: - - "path" - type: "object" - iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" - type: "boolean" - chapAuthSession: - description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" - type: "boolean" - fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." - type: "string" - iqn: - description: "iqn is the target iSCSI Qualified Name." - type: "string" - iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." - type: "string" - lun: - description: "lun represents iSCSI Target Lun number." - format: "int32" - type: "integer" - portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." - items: - type: "string" - type: "array" - readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." - type: "boolean" - secretRef: - description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." - type: "string" - required: - - "iqn" - - "lun" - - "targetPortal" - type: "object" - name: - description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: "string" - readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: "boolean" - server: - description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: "string" - required: - - "path" - - "server" - type: "object" - persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: "string" - readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." - type: "boolean" - required: - - "claimName" - type: "object" - photonPersistentDisk: - description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" - properties: - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - pdID: - description: "pdID is the ID that identifies Photon Controller persistent disk" - type: "string" - required: - - "pdID" - type: "object" - portworxVolume: - description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" - properties: - fsType: - description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - volumeID: - description: "volumeID uniquely identifies a Portworx volume" - type: "string" - required: - - "volumeID" - type: "object" - projected: - description: "projected items for all in one resources secrets, configmaps, and downward API" - properties: - defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - sources: - description: "sources is the list of volume projections" - items: - description: "Projection that may be projected along with other supported volume types" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: - configMap: - description: "configMap information about the configMap data to project" - properties: - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - downwardAPI: - description: "downwardAPI information about the downwardAPI data to project" - properties: - items: - description: "Items is a list of DownwardAPIVolume file" - items: - description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + labelSelector: + description: "A label query over a set of resources, in this case pods." properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" x-kubernetes-map-type: "atomic" - mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: "string" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" x-kubernetes-map-type: "atomic" - required: - - "path" - type: "object" - type: "array" - type: "object" - secret: - description: "secret information about the secret data to project" - properties: - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" required: - - "key" - - "path" + - "topologyKey" type: "object" - type: "array" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional field specify whether the Secret or its key must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - serviceAccountToken: - description: "serviceAccountToken is information about the serviceAccountToken data to project" - properties: - audience: - description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." - type: "string" - expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." - format: "int64" - type: "integer" - path: - description: "path is the path relative to the mount point of the file to project the token into." - type: "string" - required: - - "path" - type: "object" - type: "object" - type: "array" - type: "object" - quobyte: - description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" - properties: - group: - description: "group to map volume access to Default is no group" - type: "string" - readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." - type: "boolean" - registry: - description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" - type: "string" - tenant: - description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" - type: "string" - user: - description: "user to map volume access to Defaults to serivceaccount user" - type: "string" - volume: - description: "volume is a string that references an already created Quobyte volume by name." + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: type: "string" - required: - - "registry" - - "volume" - type: "object" - rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." + items: properties: - fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - image: - description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - keyring: - description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - monitors: - description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: "string" - type: "array" - pool: - description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + name: + description: "Refers to the name of a volumeMount defined in either: \n - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) \n The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." type: "string" - readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "boolean" - secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + spec: + description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. \n When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + accessModes: + description: "Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." + items: + type: "string" + type: "array" + x-kubernetes-preserve-unknown-fields: true + resources: + description: "Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: "The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." + type: "string" + volumeMode: + description: "Defines what type of volume is required by the claim, either Block or Filesystem." type: "string" type: "object" - x-kubernetes-map-type: "atomic" - user: - description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" required: - - "image" - - "monitors" + - "name" type: "object" - scaleIO: - description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." properties: - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + mountPath: + description: "Path within the container at which the volume should be mounted. Must not contain ':'." type: "string" - gateway: - description: "gateway is the host address of the ScaleIO API Gateway." + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." type: "string" - protectionDomain: - description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + name: + description: "This must match the Name of a Volume." type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - secretRef: - description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - sslEnabled: - description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." type: "boolean" - storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." - type: "string" - storagePool: - description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." - type: "string" - system: - description: "system is the name of the storage system as configured in ScaleIO." + subPath: + description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." type: "string" - volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." type: "string" required: - - "gateway" - - "secretRef" - - "system" - type: "object" - secret: - description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - optional: - description: "optional field specify whether the Secret or its keys must be defined" - type: "boolean" - secretName: - description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: "string" + - "mountPath" + - "name" type: "object" - storageos: - description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + type: "array" + volumes: + description: "Defines Volumes to override. Add new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: - fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: "boolean" - secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" + required: + - "volumeID" type: "object" - x-kubernetes-map-type: "atomic" - volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." - type: "string" - volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." - type: "string" - type: "object" - vsphereVolume: - description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" - properties: - fsType: - description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - storagePolicyID: - description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." - type: "string" - storagePolicyName: - description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." - type: "string" - volumePath: - description: "volumePath is the path that identifies vSphere volume vmdk" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + properties: + directory: + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + properties: + path: + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the token into." + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to Default is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to Defaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" + type: "object" required: - - "volumePath" + - "name" type: "object" - required: - - "name" - type: "object" - type: "array" - required: - - "name" - type: "object" - type: "array" - offlineInstances: - description: "Specifies the names of instances to be scaled down. This provides control over which specific instances are targeted for termination when reducing the replica count." - items: - type: "string" - type: "array" - replicas: - description: "Specifies the number of total replicas." - format: "int32" - minimum: 0.0 - type: "integer" + type: "array" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + offlineInstancesToOnline: + description: "Specifies the instances in the offline list to bring back online." + items: + type: "string" + type: "array" + replicaChanges: + description: "Specifies the replica changes for the component." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" required: - "componentName" - - "replicas" type: "object" type: "array" x-kubernetes-list-map-keys: @@ -2163,6 +2778,9 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2232,6 +2850,9 @@ spec: - "volumeClaimTemplates" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" volumeClaimTemplates: description: "Specifies a list of OpsRequestVolumeClaimTemplate objects, defining the volumeClaimTemplates that are used to expand the storage and the desired storage size for each one." items: @@ -2474,197 +3095,745 @@ spec: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - componentDefinitionName: - description: "Records the name of the ComponentDefinition prior to any changes." - type: "string" - instances: - description: "Records the InstanceTemplate list of the Component prior to any changes." - items: - description: "InstanceTemplate allows customization of individual replica configurations in a Component." - properties: - annotations: + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + componentDefinitionName: + description: "Records the name of the ComponentDefinition prior to any changes." + type: "string" + instances: + description: "Records the InstanceTemplate list of the Component prior to any changes." + items: + description: "InstanceTemplate allows customization of individual replica configurations in a Component." + properties: + annotations: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Specifies an override for the first container's image in the Pod." + type: "string" + labels: additionalProperties: type: "string" - description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations." + description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." type: "object" - env: - description: "Defines Env to override. Add new or override existing envs." - items: - description: "EnvVar represents an environment variable present in a Container." - properties: - name: - description: "Name of the environment variable. Must be a C_IDENTIFIER." - type: "string" - value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + name: + description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + replicas: + default: 1 + description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: type: "string" - valueFrom: - description: "Source for the environment variable's value. Cannot be used if value is not empty." + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." properties: - configMapKeyRef: - description: "Selects a key of a ConfigMap." - properties: - key: - description: "The key to select." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - secretKeyRef: - description: "Selects a key of a secret in the pod's namespace" - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" type: "object" - required: - - "name" - type: "object" - type: "array" - image: - description: "Specifies an override for the first container's image in the Pod." - type: "string" - labels: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added." - type: "object" - name: - description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." - type: "object" - replicas: - default: 1 - description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." - format: "int32" - minimum: 0.0 - type: "integer" - resources: - description: "Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." type: "string" required: - - "name" + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" type: "object" type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" volumeClaimTemplates: description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." items: diff --git a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml index 011030519..29de6346f 100644 --- a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml +++ b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml @@ -318,14 +318,6 @@ spec: maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" - nodeName: - description: "Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. \n Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in \"Pending\" state until the node is available or the Pod is deleted." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "Defines NodeSelector to override." - type: "object" replicas: default: 1 description: "Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation." @@ -369,29 +361,585 @@ spec: description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" - tolerations: - description: "Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements." + type: "string" + nodeSelector: + additionalProperties: type: "string" - type: "object" - type: "array" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. \n - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. \n Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" volumeClaimTemplates: description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." items: diff --git a/crd-catalog/aws/eks-anywhere/anywhere.eks.amazonaws.com/v1alpha1/nutanixdatacenterconfigs.yaml b/crd-catalog/aws/eks-anywhere/anywhere.eks.amazonaws.com/v1alpha1/nutanixdatacenterconfigs.yaml index 8238ff5e6..0ab216c66 100644 --- a/crd-catalog/aws/eks-anywhere/anywhere.eks.amazonaws.com/v1alpha1/nutanixdatacenterconfigs.yaml +++ b/crd-catalog/aws/eks-anywhere/anywhere.eks.amazonaws.com/v1alpha1/nutanixdatacenterconfigs.yaml @@ -43,6 +43,60 @@ spec: endpoint: description: "Endpoint is the Endpoint of Nutanix Prism Central" type: "string" + failureDomains: + description: "FailureDomains is the optional list of failure domains for the Nutanix Datacenter." + items: + description: "NutanixDatacenterFailureDomain defines the failure domain for the Nutanix Datacenter." + properties: + cluster: + description: "Cluster is the Prism Element cluster name or uuid that is connected to the Prism Central." + properties: + name: + description: "name is the resource name in the PC" + type: "string" + type: + description: "Type is the identifier type to use for this resource." + enum: + - "uuid" + - "name" + type: "string" + uuid: + description: "uuid is the UUID of the resource in the PC." + type: "string" + required: + - "type" + type: "object" + name: + description: "Name is the unique name of the failure domain. Name must be between 1 and 64 characters long. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character." + maxLength: 64 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + subnets: + description: "Subnets holds the list of subnets identifiers cluster's network subnets." + items: + description: "NutanixResourceIdentifier holds the identity of a Nutanix Prism resource (cluster, image, subnet, etc.)" + properties: + name: + description: "name is the resource name in the PC" + type: "string" + type: + description: "Type is the identifier type to use for this resource." + enum: + - "uuid" + - "name" + type: "string" + uuid: + description: "uuid is the UUID of the resource in the PC." + type: "string" + required: + - "type" + type: "object" + type: "array" + required: + - "name" + type: "object" + type: "array" insecure: description: "Insecure is the optional flag to skip TLS verification. Nutanix Prism Central installation by default ships with a self-signed certificate that will fail TLS verification because the certificate is not issued by a public CA and does not have the IP SANs with the Prism Central endpoint. To accommodate the scenario where the user has not changed the default Certificate that ships with Prism Central, we allow the user to skip TLS verification. This is not recommended for production use." type: "boolean" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml index add3747ba..ed0758fb4 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml @@ -3685,36 +3685,34 @@ spec: status: description: "Status is the status of the Cilium policy rule. \n The reason this field exists in this structure is due a bug in the k8s code-generator that doesn't create a `UpdateStatus` method because the field does not exist in the structure." properties: - derivativePolicies: - additionalProperties: - description: "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node." + conditions: + items: properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node." - type: "object" - enforcing: - description: "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy." - type: "boolean" - error: - description: "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node." - type: "string" - lastUpdated: - description: "LastUpdated contains the last time this status was updated" + lastTransitionTime: + description: "The last time the condition transitioned from one status to another." format: "date-time" type: "string" - localPolicyRevision: - description: "Revision is the policy revision of the repository which first implemented this policy." - format: "int64" - type: "integer" - ok: - description: "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node." - type: "boolean" + message: + description: "A human readable message indicating details about the transition." + type: "string" + reason: + description: "The reason for the condition's last transition." + type: "string" + status: + description: "The status of the condition, one of True, False, or Unknown" + type: "string" + type: + description: "The type of the policy condition" + type: "string" + required: + - "status" + - "type" type: "object" - description: "DerivativePolicies is the status of all policies derived from the Cilium policy" - type: "object" - nodes: + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + derivativePolicies: additionalProperties: description: "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node." properties: @@ -3741,7 +3739,7 @@ spec: description: "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node." type: "boolean" type: "object" - description: "Nodes is the Cilium policy status for each node" + description: "DerivativePolicies is the status of all policies derived from the Cilium policy" type: "object" type: "object" required: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml index 29785fa56..81ce57b28 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml @@ -3690,36 +3690,34 @@ spec: status: description: "Status is the status of the Cilium policy rule" properties: - derivativePolicies: - additionalProperties: - description: "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node." + conditions: + items: properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node." - type: "object" - enforcing: - description: "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy." - type: "boolean" - error: - description: "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node." - type: "string" - lastUpdated: - description: "LastUpdated contains the last time this status was updated" + lastTransitionTime: + description: "The last time the condition transitioned from one status to another." format: "date-time" type: "string" - localPolicyRevision: - description: "Revision is the policy revision of the repository which first implemented this policy." - format: "int64" - type: "integer" - ok: - description: "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node." - type: "boolean" + message: + description: "A human readable message indicating details about the transition." + type: "string" + reason: + description: "The reason for the condition's last transition." + type: "string" + status: + description: "The status of the condition, one of True, False, or Unknown" + type: "string" + type: + description: "The type of the policy condition" + type: "string" + required: + - "status" + - "type" type: "object" - description: "DerivativePolicies is the status of all policies derived from the Cilium policy" - type: "object" - nodes: + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + derivativePolicies: additionalProperties: description: "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node." properties: @@ -3746,7 +3744,7 @@ spec: description: "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node." type: "boolean" type: "object" - description: "Nodes is the Cilium policy status for each node" + description: "DerivativePolicies is the status of all policies derived from the Cilium policy" type: "object" type: "object" required: diff --git a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml index f088ea6af..168bdef43 100644 --- a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml +++ b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml @@ -1906,6 +1906,10 @@ spec: description: "Number of instances required in the cluster" minimum: 1.0 type: "integer" + livenessProbeTimeout: + description: "LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance\nto successfully respond to the liveness probe (default 30).\nThe Liveness probe failure threshold is derived from this value using the formula:\nceiling(livenessProbe / 10)." + format: "int32" + type: "integer" logLevel: default: "info" description: "The instances' log level, one of the following values: error, warning, info (default), debug, trace" diff --git a/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta1/cryostats.yaml b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta1/cryostats.yaml index c2e538832..ca93342c2 100644 --- a/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta1/cryostats.yaml +++ b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta1/cryostats.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.11.1" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "cryostats.operator.cryostat.io" spec: group: "operator.cryostat.io" @@ -23,13 +23,13 @@ spec: name: "v1beta1" schema: openAPIV3Schema: - description: "Cryostat allows you to install Cryostat for a single namespace. It contains configuration options for controlling the Deployment of the Cryostat application and its related components. A ClusterCryostat or Cryostat instance must be created to instruct the operator to deploy the Cryostat application." + description: "Cryostat allows you to install Cryostat for a single namespace.\nIt contains configuration options for controlling the Deployment of the Cryostat\napplication and its related components.\nA Cryostat instance must be created to instruct the operator\nto deploy the Cryostat application." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -40,7 +40,7 @@ spec: description: "Override default authorization properties for Cryostat on OpenShift." properties: clusterRoleName: - description: "Name of the ClusterRole to use when Cryostat requests a role-scoped OAuth token. This ClusterRole should contain permissions for all Kubernetes objects listed in custom permission mapping. More details: https://docs.openshift.com/container-platform/4.11/authentication/tokens-scoping.html#scoping-tokens-role-scope_configuring-internal-oauth" + description: "Name of the ClusterRole to use when Cryostat requests a role-scoped OAuth token.\nThis ClusterRole should contain permissions for all Kubernetes objects listed in custom permission mapping.\nMore details: https://docs.openshift.com/container-platform/4.11/authentication/tokens-scoping.html#scoping-tokens-role-scope_configuring-internal-oauth" type: "string" configMapName: description: "Name of config map in the local namespace." @@ -54,7 +54,7 @@ spec: - "filename" type: "object" enableCertManager: - description: "Use cert-manager to secure in-cluster communication between Cryostat components. Requires cert-manager to be installed." + description: "Use cert-manager to secure in-cluster communication between Cryostat components.\nRequires cert-manager to be installed." type: "boolean" eventTemplates: description: "List of Flight Recorder Event Templates to preconfigure in Cryostat." @@ -102,10 +102,10 @@ spec: description: "Deploy a pared-down Cryostat instance with no Grafana Dashboard or JFR Data Source." type: "boolean" networkOptions: - description: "Options to control how the operator exposes the application outside of the cluster, such as using an Ingress or Route." + description: "Options to control how the operator exposes the application outside of the cluster,\nsuch as using an Ingress or Route." properties: commandConfig: - description: "Specifications for how to expose the Cryostat command service, which serves the WebSocket command channel. \n Deprecated: CommandConfig is no longer used." + description: "Specifications for how to expose the Cryostat command service,\nwhich serves the WebSocket command channel.\n\n\nDeprecated: CommandConfig is no longer used." properties: annotations: additionalProperties: @@ -113,16 +113,16 @@ spec: description: "Annotations to add to the Ingress or Route during its creation." type: "object" ingressSpec: - description: "Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services." + description: "Configuration for an Ingress object.\nCurrently subpaths are not supported, so unique hosts must be specified\n(if a single external IP is being used) to differentiate between ingresses/services." properties: defaultBackend: - description: "DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller." + description: "defaultBackend is the backend that should handle requests that don't\nmatch any rule. If Rules are not specified, DefaultBackend must be specified.\nIf DefaultBackend is not set, the handling of requests that do not match any\nof the rules will be up to the Ingress controller." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -136,19 +136,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -157,32 +157,32 @@ spec: type: "object" type: "object" ingressClassName: - description: "IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present." + description: "ingressClassName is the name of an IngressClass cluster resource. Ingress\ncontroller implementations use this field to know whether they should be\nserving this Ingress resource, by a transitive connection\n(controller -> IngressClass -> Ingress resource). Although the\n`kubernetes.io/ingress.class` annotation (simple constant name) was never\nformally defined, it was widely supported by Ingress controllers to create\na direct binding between Ingress controller and Ingress resources. Newly\ncreated Ingress resources should prefer using the field. However, even\nthough the annotation is officially deprecated, for backwards compatibility\nreasons, ingress controllers should still honor that annotation if present." type: "string" rules: - description: "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend." + description: "rules is a list of host rules used to configure the Ingress. If unspecified,\nor no rule matches, all traffic is sent to the default backend." items: - description: "IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue." + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. \n Host can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule." + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: - description: "HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'." + description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." properties: paths: - description: "A collection of paths that map requests to backends." + description: "paths is a collection of paths that map requests to backends." items: - description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend." + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." properties: backend: - description: "Backend defines the referenced service endpoint to which the traffic will be forwarded to." + description: "backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -196,19 +196,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -217,10 +217,10 @@ spec: type: "object" type: "object" path: - description: "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value \"Exact\" or \"Prefix\"." + description: "path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." type: "string" pathType: - description: "PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types." + description: "pathType determines the interpretation of the path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." type: "string" required: - "backend" @@ -235,18 +235,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" tls: - description: "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI." + description: "tls represents the TLS configuration. Currently the Ingress only supports a\nsingle TLS port, 443. If multiple members of this list specify different hosts,\nthey will be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." items: - description: "IngressTLS describes the transport layer security associated with an Ingress." + description: "IngressTLS describes the transport layer security associated with an ingress." properties: hosts: - description: "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified." + description: "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" secretName: - description: "SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing." + description: "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing." type: "string" type: "object" type: "array" @@ -255,11 +255,11 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the Ingress or Route during its creation. The label with key \"app\" is reserved for use by the operator." + description: "Labels to add to the Ingress or Route during its creation.\nThe label with key \"app\" is reserved for use by the operator." type: "object" type: "object" coreConfig: - description: "Specifications for how to expose the Cryostat service, which serves the Cryostat application." + description: "Specifications for how to expose the Cryostat service,\nwhich serves the Cryostat application." properties: annotations: additionalProperties: @@ -267,16 +267,16 @@ spec: description: "Annotations to add to the Ingress or Route during its creation." type: "object" ingressSpec: - description: "Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services." + description: "Configuration for an Ingress object.\nCurrently subpaths are not supported, so unique hosts must be specified\n(if a single external IP is being used) to differentiate between ingresses/services." properties: defaultBackend: - description: "DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller." + description: "defaultBackend is the backend that should handle requests that don't\nmatch any rule. If Rules are not specified, DefaultBackend must be specified.\nIf DefaultBackend is not set, the handling of requests that do not match any\nof the rules will be up to the Ingress controller." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -290,19 +290,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -311,32 +311,32 @@ spec: type: "object" type: "object" ingressClassName: - description: "IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present." + description: "ingressClassName is the name of an IngressClass cluster resource. Ingress\ncontroller implementations use this field to know whether they should be\nserving this Ingress resource, by a transitive connection\n(controller -> IngressClass -> Ingress resource). Although the\n`kubernetes.io/ingress.class` annotation (simple constant name) was never\nformally defined, it was widely supported by Ingress controllers to create\na direct binding between Ingress controller and Ingress resources. Newly\ncreated Ingress resources should prefer using the field. However, even\nthough the annotation is officially deprecated, for backwards compatibility\nreasons, ingress controllers should still honor that annotation if present." type: "string" rules: - description: "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend." + description: "rules is a list of host rules used to configure the Ingress. If unspecified,\nor no rule matches, all traffic is sent to the default backend." items: - description: "IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue." + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. \n Host can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule." + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: - description: "HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'." + description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." properties: paths: - description: "A collection of paths that map requests to backends." + description: "paths is a collection of paths that map requests to backends." items: - description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend." + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." properties: backend: - description: "Backend defines the referenced service endpoint to which the traffic will be forwarded to." + description: "backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -350,19 +350,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -371,10 +371,10 @@ spec: type: "object" type: "object" path: - description: "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value \"Exact\" or \"Prefix\"." + description: "path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." type: "string" pathType: - description: "PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types." + description: "pathType determines the interpretation of the path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." type: "string" required: - "backend" @@ -389,18 +389,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" tls: - description: "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI." + description: "tls represents the TLS configuration. Currently the Ingress only supports a\nsingle TLS port, 443. If multiple members of this list specify different hosts,\nthey will be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." items: - description: "IngressTLS describes the transport layer security associated with an Ingress." + description: "IngressTLS describes the transport layer security associated with an ingress." properties: hosts: - description: "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified." + description: "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" secretName: - description: "SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing." + description: "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing." type: "string" type: "object" type: "array" @@ -409,11 +409,11 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the Ingress or Route during its creation. The label with key \"app\" is reserved for use by the operator." + description: "Labels to add to the Ingress or Route during its creation.\nThe label with key \"app\" is reserved for use by the operator." type: "object" type: "object" grafanaConfig: - description: "Specifications for how to expose Cryostat's Grafana service, which serves the Grafana dashboard." + description: "Specifications for how to expose Cryostat's Grafana service,\nwhich serves the Grafana dashboard." properties: annotations: additionalProperties: @@ -421,16 +421,16 @@ spec: description: "Annotations to add to the Ingress or Route during its creation." type: "object" ingressSpec: - description: "Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services." + description: "Configuration for an Ingress object.\nCurrently subpaths are not supported, so unique hosts must be specified\n(if a single external IP is being used) to differentiate between ingresses/services." properties: defaultBackend: - description: "DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller." + description: "defaultBackend is the backend that should handle requests that don't\nmatch any rule. If Rules are not specified, DefaultBackend must be specified.\nIf DefaultBackend is not set, the handling of requests that do not match any\nof the rules will be up to the Ingress controller." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -444,19 +444,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -465,32 +465,32 @@ spec: type: "object" type: "object" ingressClassName: - description: "IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present." + description: "ingressClassName is the name of an IngressClass cluster resource. Ingress\ncontroller implementations use this field to know whether they should be\nserving this Ingress resource, by a transitive connection\n(controller -> IngressClass -> Ingress resource). Although the\n`kubernetes.io/ingress.class` annotation (simple constant name) was never\nformally defined, it was widely supported by Ingress controllers to create\na direct binding between Ingress controller and Ingress resources. Newly\ncreated Ingress resources should prefer using the field. However, even\nthough the annotation is officially deprecated, for backwards compatibility\nreasons, ingress controllers should still honor that annotation if present." type: "string" rules: - description: "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend." + description: "rules is a list of host rules used to configure the Ingress. If unspecified,\nor no rule matches, all traffic is sent to the default backend." items: - description: "IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue." + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. \n Host can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule." + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: - description: "HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'." + description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." properties: paths: - description: "A collection of paths that map requests to backends." + description: "paths is a collection of paths that map requests to backends." items: - description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend." + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." properties: backend: - description: "Backend defines the referenced service endpoint to which the traffic will be forwarded to." + description: "backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -504,19 +504,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -525,10 +525,10 @@ spec: type: "object" type: "object" path: - description: "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value \"Exact\" or \"Prefix\"." + description: "path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." type: "string" pathType: - description: "PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types." + description: "pathType determines the interpretation of the path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." type: "string" required: - "backend" @@ -543,18 +543,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" tls: - description: "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI." + description: "tls represents the TLS configuration. Currently the Ingress only supports a\nsingle TLS port, 443. If multiple members of this list specify different hosts,\nthey will be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." items: - description: "IngressTLS describes the transport layer security associated with an Ingress." + description: "IngressTLS describes the transport layer security associated with an ingress." properties: hosts: - description: "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified." + description: "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" secretName: - description: "SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing." + description: "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing." type: "string" type: "object" type: "array" @@ -563,7 +563,7 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the Ingress or Route during its creation. The label with key \"app\" is reserved for use by the operator." + description: "Labels to add to the Ingress or Route during its creation.\nThe label with key \"app\" is reserved for use by the operator." type: "object" type: "object" type: "object" @@ -581,7 +581,7 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the resources during its creation. The labels with keys \"app\" and \"component\" are reserved for use by the operator." + description: "Labels to add to the resources during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." type: "object" type: "object" podMetadata: @@ -595,7 +595,7 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the resources during its creation. The labels with keys \"app\" and \"component\" are reserved for use by the operator." + description: "Labels to add to the resources during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." type: "object" type: "object" type: "object" @@ -603,19 +603,19 @@ spec: description: "Options to configure Cryostat Automated Report Analysis." properties: replicas: - description: "The number of report sidecar replica containers to deploy. Each replica can service one report generation request at a time." + description: "The number of report sidecar replica containers to deploy.\nEach replica can service one report generation request at a time." format: "int32" type: "integer" resources: - description: "The resources allocated to each sidecar replica. A replica with more resources can handle larger input recordings and will process them faster." + description: "The resources allocated to each sidecar replica.\nA replica with more resources can handle larger input recordings and will process them faster." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -631,7 +631,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -640,7 +640,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" schedulingOptions: @@ -653,9 +653,9 @@ spec: description: "Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -663,16 +663,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -684,16 +684,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -714,26 +714,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -745,16 +745,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -775,7 +775,7 @@ spec: description: "Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -788,16 +788,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -809,26 +809,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -840,23 +840,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -865,9 +865,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -875,16 +875,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -896,26 +896,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -927,17 +927,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -948,7 +948,7 @@ spec: description: "Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -961,16 +961,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -982,26 +982,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1013,23 +1013,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -1038,9 +1038,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -1048,16 +1048,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1069,26 +1069,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1100,17 +1100,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -1126,23 +1126,23 @@ spec: tolerations: description: "Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -1154,25 +1154,25 @@ spec: description: "Security Context to apply to the Cryostat report generator pod." properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1188,25 +1188,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -1222,19 +1222,19 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -1242,10 +1242,10 @@ spec: description: "Security Context to apply to the Cryostat report generator container." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1261,27 +1261,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1297,37 +1297,37 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" type: "object" subProcessMaxHeapSize: - description: "When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures the maximum heap size of the basic subprocess report generator in MiB. The default heap size is `200` (MiB)." + description: "When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures\nthe maximum heap size of the basic subprocess report generator in MiB.\nThe default heap size is `200` (MiB)." format: "int32" type: "integer" type: "object" @@ -1338,12 +1338,12 @@ spec: description: "Resource requirements for the Cryostat application. If specifying a memory limit, at least 768MiB is recommended." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1359,7 +1359,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1368,19 +1368,19 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" dataSourceResources: description: "Resource requirements for the JFR Data Source container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1396,7 +1396,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1405,19 +1405,19 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" grafanaResources: description: "Resource requirements for the Grafana container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1433,7 +1433,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1442,7 +1442,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -1456,9 +1456,9 @@ spec: description: "Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -1466,16 +1466,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1487,16 +1487,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1517,26 +1517,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1548,16 +1548,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1578,7 +1578,7 @@ spec: description: "Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -1591,16 +1591,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1612,26 +1612,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1643,23 +1643,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -1668,9 +1668,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -1678,16 +1678,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1699,26 +1699,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1730,17 +1730,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -1751,7 +1751,7 @@ spec: description: "Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity" properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -1764,16 +1764,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1785,26 +1785,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1816,23 +1816,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -1841,9 +1841,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -1851,16 +1851,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1872,26 +1872,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1903,17 +1903,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -1929,23 +1929,23 @@ spec: tolerations: description: "Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -1957,10 +1957,10 @@ spec: description: "Security Context to apply to the Cryostat application container." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1976,27 +1976,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2012,31 +2012,31 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2044,10 +2044,10 @@ spec: description: "Security Context to apply to the JFR Data Source container." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2063,27 +2063,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2099,31 +2099,118 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + databaseSecurityContext: + description: "Security Context to apply to the storage container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2131,10 +2218,10 @@ spec: description: "Security Context to apply to the Grafana container." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2150,27 +2237,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2186,31 +2273,31 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2218,25 +2305,25 @@ spec: description: "Security Context to apply to the Cryostat pod." properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2252,25 +2339,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -2286,19 +2373,106 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + storageSecurityContext: + description: "Security Context to apply to the storage container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2315,17 +2489,17 @@ spec: description: "Annotations to add to the service during its creation." type: "object" httpPort: - description: "HTTP port number for the Cryostat application service. Defaults to 8181." + description: "HTTP port number for the Cryostat application service.\nDefaults to 8181." format: "int32" type: "integer" jmxPort: - description: "Remote JMX port number for the Cryostat application service. Defaults to 9091." + description: "Remote JMX port number for the Cryostat application service.\nDefaults to 9091." format: "int32" type: "integer" labels: additionalProperties: type: "string" - description: "Labels to add to the service during its creation. The labels with keys \"app\" and \"component\" are reserved for use by the operator." + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." type: "object" serviceType: description: "Type of service to create. Defaults to \"ClusterIP\"." @@ -2340,20 +2514,41 @@ spec: description: "Annotations to add to the service during its creation." type: "object" httpPort: - description: "HTTP port number for the Grafana dashboard service. Defaults to 3000." + description: "HTTP port number for the Grafana dashboard service.\nDefaults to 3000." format: "int32" type: "integer" labels: additionalProperties: type: "string" - description: "Labels to add to the service during its creation. The labels with keys \"app\" and \"component\" are reserved for use by the operator." + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." type: "object" serviceType: description: "Type of service to create. Defaults to \"ClusterIP\"." type: "string" type: "object" reportsConfig: - description: "Specification for the service responsible for the cryostat-reports sidecars." + description: "Specification for the service responsible for the Cryostat reports sidecars." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the service during its creation." + type: "object" + httpPort: + description: "HTTP port number for the cryostat-reports service.\nDefaults to 10000." + format: "int32" + type: "integer" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." + type: "object" + serviceType: + description: "Type of service to create. Defaults to \"ClusterIP\"." + type: "string" + type: "object" + storageConfig: + description: "Specification for the service responsible for the Cryostat storage container." properties: annotations: additionalProperties: @@ -2361,13 +2556,13 @@ spec: description: "Annotations to add to the service during its creation." type: "object" httpPort: - description: "HTTP port number for the cryostat-reports service. Defaults to 10000." + description: "HTTP port number for the cryostat storage service.\nDefaults to 8333" format: "int32" type: "integer" labels: additionalProperties: type: "string" - description: "Labels to add to the service during its creation. The labels with keys \"app\" and \"component\" are reserved for use by the operator." + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." type: "object" serviceType: description: "Type of service to create. Defaults to \"ClusterIP\"." @@ -2378,13 +2573,13 @@ spec: description: "Options to customize the storage for Flight Recordings and Templates." properties: emptyDir: - description: "Configuration for an EmptyDir to be created by the operator instead of a PVC." + description: "Configuration for an EmptyDir to be created\nby the operator instead of a PVC." properties: enabled: description: "When enabled, Cryostat will use EmptyDir volumes instead of a Persistent Volume Claim. Any PVC configurations will be ignored." type: "boolean" medium: - description: "Unless specified, the emptyDir volume will be mounted on the same storage medium backing the node. Setting this field to \"Memory\" will mount the emptyDir on a tmpfs (RAM-backed filesystem)." + description: "Unless specified, the emptyDir volume will be mounted on\nthe same storage medium backing the node. Setting this field to\n\"Memory\" will mount the emptyDir on a tmpfs (RAM-backed filesystem)." type: "string" sizeLimit: description: "The maximum memory limit for the emptyDir. Default is unbounded." @@ -2392,7 +2587,7 @@ spec: type: "string" type: "object" pvc: - description: "Configuration for the Persistent Volume Claim to be created by the operator." + description: "Configuration for the Persistent Volume Claim to be created\nby the operator." properties: annotations: additionalProperties: @@ -2402,21 +2597,21 @@ spec: labels: additionalProperties: type: "string" - description: "Labels to add to the Persistent Volume Claim during its creation. The label with key \"app\" is reserved for use by the operator." + description: "Labels to add to the Persistent Volume Claim during its creation.\nThe label with key \"app\" is reserved for use by the operator." type: "object" spec: - description: "Spec for a Persistent Volume Claim, whose options will override the defaults used by the operator. Unless overriden, the PVC will be created with the default Storage Class and 500MiB of storage. Once the operator has created the PVC, changes to this field have no effect." + description: "Spec for a Persistent Volume Claim, whose options will override the\ndefaults used by the operator. Unless overriden, the PVC will be\ncreated with the default Storage Class and 500MiB of storage.\nOnce the operator has created the PVC, changes to this field have\nno effect." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2430,10 +2625,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2442,22 +2637,22 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2473,7 +2668,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2482,7 +2677,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -2491,16 +2686,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2512,15 +2707,15 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -2578,23 +2773,23 @@ spec: conditions: description: "Conditions of the components managed by the Cryostat Operator." items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -2607,7 +2802,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -2627,6 +2822,6 @@ spec: type: "object" type: "object" served: true - storage: true + storage: false subresources: status: {} diff --git a/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml new file mode 100644 index 000000000..384436a95 --- /dev/null +++ b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml @@ -0,0 +1,2709 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.14.0" + name: "cryostats.operator.cryostat.io" +spec: + group: "operator.cryostat.io" + names: + kind: "Cryostat" + listKind: "CryostatList" + plural: "cryostats" + singular: "cryostat" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - jsonPath: ".status.applicationUrl" + name: "Application URL" + type: "string" + - jsonPath: ".status.targetNamespaces" + name: "Target Namespaces" + type: "string" + - jsonPath: ".status.storageSecret" + name: "Storage Secret" + type: "string" + - jsonPath: ".status.databaseSecret" + name: "Database Secret" + type: "string" + name: "v1beta2" + schema: + openAPIV3Schema: + description: "Cryostat allows you to install Cryostat for a single namespace, or multiple namespaces.\nIt contains configuration options for controlling the Deployment of the Cryostat\napplication and its related components.\nA Cryostat instance must be created to instruct the operator\nto deploy the Cryostat application." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "CryostatSpec defines the desired state of Cryostat." + properties: + authorizationOptions: + description: "Additional configuration options for the authorization proxy." + properties: + basicAuth: + description: "Reference to a secret and file name containing the Basic authentication htpasswd file. If deploying on OpenShift this\ndefines additional user accounts that can access the Cryostat application, on top of the OpenShift user accounts which\npass the OpenShift SSO Roles checks. If not on OpenShift then this defines the only user accounts that have access." + properties: + filename: + description: "Name of the file within the secret." + type: "string" + secretName: + description: "Name of the secret to reference." + type: "string" + type: "object" + openShiftSSO: + description: "Configuration for OpenShift RBAC to define which OpenShift user accounts may access the Cryostat application." + properties: + accessReview: + description: "The SubjectAccessReview or TokenAccessReview that all clients (users visiting the application via web browser as well\nas CLI utilities and other programs presenting Bearer auth tokens) must pass in order to access the application.\nIf not specified, the default role required is \"create pods/exec\" in the Cryostat application's installation namespace." + properties: + group: + description: "Group is the API Group of the Resource. \"*\" means all." + type: "string" + name: + description: "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all." + type: "string" + namespace: + description: "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces\n\"\" (empty) is defaulted for LocalSubjectAccessReviews\n\"\" (empty) is empty for cluster-scoped resources\n\"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview" + type: "string" + resource: + description: "Resource is one of the existing resource types. \"*\" means all." + type: "string" + subresource: + description: "Subresource is one of the existing resource types. \"\" means none." + type: "string" + verb: + description: "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all." + type: "string" + version: + description: "Version is the API Version of the Resource. \"*\" means all." + type: "string" + type: "object" + disable: + description: "Disable OpenShift SSO integration and allow all users to access the application without authentication. This\nwill also bypass the BasicAuth, if specified." + type: "boolean" + type: "object" + type: "object" + databaseOptions: + description: "Options to configure the Cryostat application's database." + properties: + secretName: + description: "Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the\ndatabase connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data\nstored within the database, such as the target credentials keyring. This field cannot be updated.\nIt is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data.\nMore details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable" + type: "string" + type: "object" + enableCertManager: + description: "Use cert-manager to secure in-cluster communication between Cryostat components.\nRequires cert-manager to be installed." + type: "boolean" + eventTemplates: + description: "List of Flight Recorder Event Templates to preconfigure in Cryostat." + items: + description: "A ConfigMap containing a .jfc template file." + properties: + configMapName: + description: "Name of config map in the local namespace." + type: "string" + filename: + description: "Filename within config map containing the template file." + type: "string" + required: + - "configMapName" + - "filename" + type: "object" + type: "array" + networkOptions: + description: "Options to control how the operator exposes the application outside of the cluster,\nsuch as using an Ingress or Route." + properties: + coreConfig: + description: "Specifications for how to expose the Cryostat service,\nwhich serves the Cryostat application." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the Ingress or Route during its creation." + type: "object" + ingressSpec: + description: "Configuration for an Ingress object.\nCurrently subpaths are not supported, so unique hosts must be specified\n(if a single external IP is being used) to differentiate between ingresses/services." + properties: + defaultBackend: + description: "defaultBackend is the backend that should handle requests that don't\nmatch any rule. If Rules are not specified, DefaultBackend must be specified.\nIf DefaultBackend is not set, the handling of requests that do not match any\nof the rules will be up to the Ingress controller." + properties: + resource: + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + service: + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." + properties: + name: + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." + type: "string" + port: + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." + properties: + name: + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." + type: "string" + number: + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." + format: "int32" + type: "integer" + type: "object" + required: + - "name" + type: "object" + type: "object" + ingressClassName: + description: "ingressClassName is the name of an IngressClass cluster resource. Ingress\ncontroller implementations use this field to know whether they should be\nserving this Ingress resource, by a transitive connection\n(controller -> IngressClass -> Ingress resource). Although the\n`kubernetes.io/ingress.class` annotation (simple constant name) was never\nformally defined, it was widely supported by Ingress controllers to create\na direct binding between Ingress controller and Ingress resources. Newly\ncreated Ingress resources should prefer using the field. However, even\nthough the annotation is officially deprecated, for backwards compatibility\nreasons, ingress controllers should still honor that annotation if present." + type: "string" + rules: + description: "rules is a list of host rules used to configure the Ingress. If unspecified,\nor no rule matches, all traffic is sent to the default backend." + items: + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." + properties: + host: + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." + type: "string" + http: + description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." + properties: + paths: + description: "paths is a collection of paths that map requests to backends." + items: + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." + properties: + backend: + description: "backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." + properties: + resource: + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + service: + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." + properties: + name: + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." + type: "string" + port: + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." + properties: + name: + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." + type: "string" + number: + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." + format: "int32" + type: "integer" + type: "object" + required: + - "name" + type: "object" + type: "object" + path: + description: "path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." + type: "string" + pathType: + description: "pathType determines the interpretation of the path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." + type: "string" + required: + - "backend" + - "pathType" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "paths" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + tls: + description: "tls represents the TLS configuration. Currently the Ingress only supports a\nsingle TLS port, 443. If multiple members of this list specify different hosts,\nthey will be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." + items: + description: "IngressTLS describes the transport layer security associated with an ingress." + properties: + hosts: + description: "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + secretName: + description: "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing." + type: "string" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + type: "object" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the Ingress or Route during its creation.\nThe label with key \"app\" is reserved for use by the operator." + type: "object" + type: "object" + type: "object" + operandMetadata: + description: "Options to configure the Cryostat deployments and pods metadata" + properties: + deploymentMetadata: + description: "Options to configure the Cryostat deployments metadata" + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the resources during its creation." + type: "object" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the resources during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." + type: "object" + type: "object" + podMetadata: + description: "Options to configure the Cryostat pods metadata" + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the resources during its creation." + type: "object" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the resources during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." + type: "object" + type: "object" + type: "object" + reportOptions: + description: "Options to configure Cryostat Automated Report Analysis." + properties: + replicas: + description: "The number of report sidecar replica containers to deploy.\nEach replica can service one report generation request at a time." + format: "int32" + type: "integer" + resources: + description: "The resources allocated to each sidecar replica.\nA replica with more resources can handle larger input recordings and will process them faster." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + schedulingOptions: + description: "Options to configure scheduling for the reports deployment" + properties: + affinity: + description: "Affinity rules for scheduling Cryostat pods." + properties: + nodeAffinity: + description: "Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeSelector: + additionalProperties: + type: "string" + description: "Label selector used to schedule a Cryostat pod to a node. See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + tolerations: + description: "Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + type: "object" + securityOptions: + description: "Options to configure the Security Contexts for the Cryostat report generator." + properties: + podSecurityContext: + description: "Security Context to apply to the Cryostat report generator pod." + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + fsGroupChangePolicy: + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + supplementalGroups: + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + items: + format: "int64" + type: "integer" + type: "array" + sysctls: + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." + items: + description: "Sysctl defines a kernel parameter to be set" + properties: + name: + description: "Name of a property to set" + type: "string" + value: + description: "Value of a property to set" + type: "string" + required: + - "name" + - "value" + type: "object" + type: "array" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + reportsSecurityContext: + description: "Security Context to apply to the Cryostat report generator container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + type: "object" + subProcessMaxHeapSize: + description: "When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures\nthe maximum heap size of the basic subprocess report generator in MiB.\nThe default heap size is `200` (MiB)." + format: "int32" + type: "integer" + type: "object" + resources: + description: "Resource requirements for the Cryostat deployment." + properties: + authProxyResources: + description: "Resource requirements for the auth proxy." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + coreResources: + description: "Resource requirements for the Cryostat application. If specifying a memory limit, at least 384MiB is recommended." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + dataSourceResources: + description: "Resource requirements for the JFR Data Source container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + databaseResources: + description: "Resource requirements for the database container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + grafanaResources: + description: "Resource requirements for the Grafana container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + objectStorageResources: + description: "Resource requirements for the object storage container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + schedulingOptions: + description: "Options to configure scheduling for the Cryostat deployment" + properties: + affinity: + description: "Affinity rules for scheduling Cryostat pods." + properties: + nodeAffinity: + description: "Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity" + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeSelector: + additionalProperties: + type: "string" + description: "Label selector used to schedule a Cryostat pod to a node. See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + tolerations: + description: "Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + type: "object" + securityOptions: + description: "Options to configure the Security Contexts for the Cryostat application." + properties: + authProxySecurityContext: + description: "Security Context to apply to the auth proxy container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + coreSecurityContext: + description: "Security Context to apply to the Cryostat application container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + dataSourceSecurityContext: + description: "Security Context to apply to the JFR Data Source container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + databaseSecurityContext: + description: "Security Context to apply to the database container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + grafanaSecurityContext: + description: "Security Context to apply to the Grafana container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + podSecurityContext: + description: "Security Context to apply to the Cryostat pod." + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + fsGroupChangePolicy: + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + supplementalGroups: + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + items: + format: "int64" + type: "integer" + type: "array" + sysctls: + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." + items: + description: "Sysctl defines a kernel parameter to be set" + properties: + name: + description: "Name of a property to set" + type: "string" + value: + description: "Value of a property to set" + type: "string" + required: + - "name" + - "value" + type: "object" + type: "array" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + storageSecurityContext: + description: "Security Context to apply to the storage container." + properties: + allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." + properties: + add: + description: "Added capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + drop: + description: "Removed capabilities" + items: + description: "Capability represent POSIX capabilities type" + type: "string" + type: "array" + type: "object" + privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." + type: "boolean" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + type: "object" + serviceOptions: + description: "Options to customize the services created for the Cryostat application." + properties: + coreConfig: + description: "Specification for the service responsible for the Cryostat application." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the service during its creation." + type: "object" + httpPort: + description: "HTTP port number for the Cryostat application service.\nDefaults to 8181." + format: "int32" + type: "integer" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." + type: "object" + serviceType: + description: "Type of service to create. Defaults to \"ClusterIP\"." + type: "string" + type: "object" + reportsConfig: + description: "Specification for the service responsible for the cryostat-reports sidecars." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the service during its creation." + type: "object" + httpPort: + description: "HTTP port number for the cryostat-reports service.\nDefaults to 10000." + format: "int32" + type: "integer" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the service during its creation.\nThe labels with keys \"app\" and \"component\" are reserved\nfor use by the operator." + type: "object" + serviceType: + description: "Type of service to create. Defaults to \"ClusterIP\"." + type: "string" + type: "object" + type: "object" + storageOptions: + description: "Options to customize the storage provisioned for the database and object storage." + properties: + emptyDir: + description: "Configuration for an EmptyDir to be created\nby the operator instead of a PVC." + properties: + enabled: + description: "When enabled, Cryostat will use EmptyDir volumes instead of a Persistent Volume Claim. Any PVC configurations will be ignored." + type: "boolean" + medium: + description: "Unless specified, the emptyDir volume will be mounted on\nthe same storage medium backing the node. Setting this field to\n\"Memory\" will mount the emptyDir on a tmpfs (RAM-backed filesystem)." + type: "string" + sizeLimit: + description: "The maximum memory limit for the emptyDir. Default is unbounded." + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + type: "string" + type: "object" + pvc: + description: "Configuration for the Persistent Volume Claim to be created\nby the operator." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations to add to the Persistent Volume Claim during its creation." + type: "object" + labels: + additionalProperties: + type: "string" + description: "Labels to add to the Persistent Volume Claim during its creation.\nThe label with key \"app\" is reserved for use by the operator." + type: "object" + spec: + description: "Spec for a Persistent Volume Claim, whose options will override the\ndefaults used by the operator. Unless overriden, the PVC will be\ncreated with the default Storage Class and 500MiB of storage.\nOnce the operator has created the PVC, changes to this field have\nno effect." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + type: "object" + type: "object" + targetConnectionCacheOptions: + description: "Options to customize the target connections cache for the Cryostat application." + properties: + targetCacheSize: + description: "The maximum number of target connections to cache. Use `-1` for an unlimited cache size (TTL expiration only). Defaults to `-1`." + format: "int32" + minimum: -1.0 + type: "integer" + targetCacheTTL: + description: "The time to live (in seconds) for cached target connections. Defaults to `10`." + format: "int32" + minimum: 1.0 + type: "integer" + type: "object" + targetDiscoveryOptions: + description: "Options to configure the Cryostat application's target discovery mechanisms." + properties: + disableBuiltInDiscovery: + description: "When true, the Cryostat application will disable the built-in discovery mechanisms. Defaults to false" + type: "boolean" + disableBuiltInPortNames: + description: "When false and discoveryPortNames is empty, the Cryostat application will use the default port name jfr-jmx to look for JMX connectable targets. Defaults to false." + type: "boolean" + disableBuiltInPortNumbers: + description: "When false and discoveryPortNumbers is empty, the Cryostat application will use the default port number 9091 to look for JMX connectable targets. Defaults to false." + type: "boolean" + discoveryPortNames: + description: "List of port names that the Cryostat application should look for in order to consider a target as JMX connectable." + items: + type: "string" + type: "array" + discoveryPortNumbers: + description: "List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable." + items: + format: "int32" + type: "integer" + type: "array" + type: "object" + targetNamespaces: + description: "List of namespaces whose workloads Cryostat should be\npermitted to access and profile. Defaults to this Cryostat's namespace.\nWarning: All Cryostat users will be able to create and manage\nrecordings for workloads in the listed namespaces.\nMore details: https://github.com/cryostatio/cryostat-operator/blob/v2.4.0/docs/multi-namespace.md#data-isolation" + items: + type: "string" + type: "array" + trustedCertSecrets: + description: "List of TLS certificates to trust when connecting to targets." + items: + properties: + certificateKey: + description: "Key within secret containing the certificate." + type: "string" + secretName: + description: "Name of secret in the local namespace." + type: "string" + required: + - "secretName" + type: "object" + type: "array" + type: "object" + status: + description: "CryostatStatus defines the observed state of Cryostat." + properties: + applicationUrl: + description: "Address of the deployed Cryostat web application." + type: "string" + conditions: + description: "Conditions of the components managed by the Cryostat Operator." + items: + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + databaseSecret: + description: "Name of the Secret containing the Cryostat database connection and encryption keys." + type: "string" + storageSecret: + description: "Name of the Secret containing the Cryostat storage connection key." + type: "string" + targetNamespaces: + description: "List of namespaces that Cryostat has been configured\nand authorized to access and profile." + items: + type: "string" + type: "array" + required: + - "applicationUrl" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v1/checlusters.yaml b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v1/checlusters.yaml index 7ed91591b..4f50fb89c 100644 --- a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v1/checlusters.yaml +++ b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v1/checlusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "checlusters.org.eclipse.che" spec: group: "org.eclipse.che" @@ -21,30 +21,30 @@ spec: description: "The `CheCluster` custom resource allows defining and managing a Che server installation" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "Desired configuration of the Che installation. Based on these settings, the Operator automatically creates and maintains several ConfigMaps that will contain the appropriate environment variables the various components of the Che installation. These generated ConfigMaps must NOT be updated manually." + description: "Desired configuration of the Che installation.\nBased on these settings, the Operator automatically creates and maintains\nseveral ConfigMaps that will contain the appropriate environment variables\nthe various components of the Che installation.\nThese generated ConfigMaps must NOT be updated manually." properties: auth: description: "Configuration settings related to the Authentication used by the Che installation." properties: debug: - description: "Deprecated. The value of this flag is ignored. Debug internal identity provider." + description: "Deprecated. The value of this flag is ignored.\nDebug internal identity provider." type: "boolean" externalIdentityProvider: - description: "Deprecated. The value of this flag is ignored. Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with: `identityProvider`." + description: "Deprecated. The value of this flag is ignored.\nInstructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance).\nInstructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance).\nBy default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`,\nno dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use.\nSee also all the other fields starting with: `identityProvider`." type: "boolean" gatewayAuthenticationSidecarImage: - description: "Gateway sidecar responsible for authentication when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]." + description: "Gateway sidecar responsible for authentication when NativeUserMode is enabled.\nSee link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]." type: "string" gatewayAuthorizationSidecarImage: - description: "Gateway sidecar responsible for authorization when NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]" + description: "Gateway sidecar responsible for authorization when NativeUserMode is enabled.\nSee link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]" type: "string" gatewayConfigBumpEnv: description: "List of environment variables to set in the Configbump container." @@ -55,7 +55,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -67,7 +67,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -75,8 +75,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -87,8 +88,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -106,6 +108,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -113,7 +116,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -121,6 +124,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -135,7 +139,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -147,7 +151,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -155,8 +159,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -167,8 +172,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -186,6 +192,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -193,7 +200,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -201,6 +208,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -218,7 +226,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -230,7 +238,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -238,8 +246,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -250,8 +259,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -269,6 +279,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -276,7 +287,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -284,6 +295,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -298,7 +310,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -310,7 +322,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -318,8 +330,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -330,8 +343,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -349,6 +363,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -356,7 +371,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -364,19 +379,20 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" type: "object" type: "array" identityProviderAdminUserName: - description: "Deprecated. The value of this flag is ignored. Overrides the name of the Identity Provider administrator user. Defaults to `admin`." + description: "Deprecated. The value of this flag is ignored.\nOverrides the name of the Identity Provider administrator user. Defaults to `admin`." type: "string" identityProviderClientId: - description: "Deprecated. The value of this flag is ignored. Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`." + description: "Deprecated. The value of this flag is ignored.\nName of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che.\nOverride this when an external Identity Provider is in use. See the `externalIdentityProvider` field.\nWhen omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`." type: "string" identityProviderContainerResources: - description: "Deprecated. The value of this flag is ignored. Identity provider container custom settings." + description: "Deprecated. The value of this flag is ignored.\nIdentity provider container custom settings." properties: limits: description: "Limits describes the maximum amount of compute resources allowed." @@ -400,13 +416,13 @@ spec: type: "object" type: "object" identityProviderImage: - description: "Deprecated. The value of this flag is ignored. Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Deprecated. The value of this flag is ignored.\nOverrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." type: "string" identityProviderImagePullPolicy: - description: "Deprecated. The value of this flag is ignored. Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." + description: "Deprecated. The value of this flag is ignored.\nOverrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment.\nDefault value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" identityProviderIngress: - description: "Deprecated. The value of this flag is ignored. Ingress custom settings." + description: "Deprecated. The value of this flag is ignored.\nIngress custom settings." properties: annotations: additionalProperties: @@ -418,19 +434,19 @@ spec: type: "string" type: "object" identityProviderPassword: - description: "Deprecated. The value of this flag is ignored. Overrides the password of Keycloak administrator user. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password." + description: "Deprecated. The value of this flag is ignored.\nOverrides the password of Keycloak administrator user.\nOverride this when an external Identity Provider is in use. See the `externalIdentityProvider` field.\nWhen omitted or left blank, it is set to an auto-generated password." type: "string" identityProviderPostgresPassword: - description: "Deprecated. The value of this flag is ignored. Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password." + description: "Deprecated. The value of this flag is ignored.\nPassword for a Identity Provider, Keycloak or RH-SSO, to connect to the database.\nOverride this when an external Identity Provider is in use. See the `externalIdentityProvider` field.\nWhen omitted or left blank, it is set to an auto-generated password." type: "string" identityProviderPostgresSecret: - description: "Deprecated. The value of this flag is ignored. The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "Deprecated. The value of this flag is ignored.\nThe secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database.\nWhen the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies:\n1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database.\n2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.\nThe secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" identityProviderRealm: - description: "Deprecated. The value of this flag is ignored. Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field." + description: "Deprecated. The value of this flag is ignored.\nName of a Identity provider, Keycloak or RH-SSO, realm that is used for Che.\nOverride this when an external Identity Provider is in use. See the `externalIdentityProvider` field.\nWhen omitted or left blank, it is set to the value of the `flavour` field." type: "string" identityProviderRoute: - description: "Deprecated. The value of this flag is ignored. Route custom settings." + description: "Deprecated. The value of this flag is ignored.\nRoute custom settings." properties: annotations: additionalProperties: @@ -438,41 +454,41 @@ spec: description: "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata." type: "object" domain: - description: "Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`." + description: "Operator uses the domain to generate a hostname for a route.\nIn a conjunction with labels it creates a route, which is served by a non-default Ingress controller.\nThe generated host name will follow this pattern: `-.`." type: "string" labels: description: "Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting." type: "string" type: "object" identityProviderSecret: - description: "Deprecated. The value of this flag is ignored. The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "Deprecated. The value of this flag is ignored.\nThe secret that contains `user` and `password` for Identity Provider.\nWhen the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored.\nWhen the value is omitted or left blank, the one of following scenarios applies:\n1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used.\n2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name\n`che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.\nThe secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" identityProviderURL: - description: "Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator." + description: "Public URL of the Identity Provider server (Keycloak / RH-SSO server).\nSet this ONLY when a use of an external Identity Provider is needed.\nSee the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator." type: "string" identityToken: - description: "Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. Default value is `id_token`. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift." + description: "Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`.\nDefault value is `id_token`.\nThis field is specific to Che installations made for Kubernetes only and ignored for OpenShift." type: "string" initialOpenShiftOAuthUser: - description: "Deprecated. The value of this flag is ignored. For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used. If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. If the value is false and the user has already been created, then it will be removed. If value is an empty, then do nothing. The user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator. Note that this solution is Openshift 4 platform-specific." + description: "Deprecated. The value of this flag is ignored.\nFor operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used.\nIf the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider.\nIf the value is false and the user has already been created, then it will be removed.\nIf value is an empty, then do nothing.\nThe user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator.\nNote that this solution is Openshift 4 platform-specific." type: "boolean" nativeUserMode: - description: "Deprecated. The value of this flag is ignored. Enables native user mode. Currently works only on OpenShift and DevWorkspace engine. Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak." + description: "Deprecated. The value of this flag is ignored.\nEnables native user mode. Currently works only on OpenShift and DevWorkspace engine.\nNative User mode uses OpenShift OAuth directly as identity provider, without Keycloak." type: "boolean" oAuthClientName: description: "Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field." type: "string" oAuthScope: - description: "Access Token Scope. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift." + description: "Access Token Scope.\nThis field is specific to Che installations made for Kubernetes only and ignored for OpenShift." type: "string" oAuthSecret: description: "Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field." type: "string" openShiftoAuth: - description: "Deprecated. The value of this flag is ignored. Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard." + description: "Deprecated. The value of this flag is ignored.\nEnables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth.\nEmpty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login,\nand have their workspaces created under personal OpenShift namespaces.\nWARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard." type: "boolean" updateAdminPassword: - description: "Deprecated. The value of this flag is ignored. Forces the default `admin` Che user to update password on first login. Defaults to `false`." + description: "Deprecated. The value of this flag is ignored.\nForces the default `admin` Che user to update password on first login. Defaults to `false`." type: "boolean" type: "object" dashboard: @@ -513,22 +529,22 @@ spec: description: "PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`." type: "string" chePostgresHostName: - description: "PostgreSQL Database host name that the Che server uses to connect to. Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator." + description: "PostgreSQL Database host name that the Che server uses to connect to.\nDefaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`.\nIn the default case it will be automatically set by the Operator." type: "string" chePostgresPassword: description: "PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value." type: "string" chePostgresPort: - description: "PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator." + description: "PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432.\nOverride this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator." type: "string" chePostgresSecret: - description: "The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB.\nWhen the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored.\nWhen the value is omitted or left blank, the one of following scenarios applies:\n1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB.\n2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials`\nwill be created with default value of `pgche` for `user` and with an auto-generated value for `password`.\nThe secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" chePostgresUser: description: "PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`." type: "string" externalDb: - description: "Instructs the Operator on whether to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`." + description: "Instructs the Operator on whether to deploy a dedicated database.\nBy default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the\nOperator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`." type: "boolean" postgresEnv: description: "List of environment variables to set in the PostgreSQL container." @@ -539,7 +555,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -551,7 +567,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -559,8 +575,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -571,8 +588,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -590,6 +608,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -597,7 +616,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -605,6 +624,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -617,20 +637,20 @@ spec: description: "Overrides the image pull policy used in the PostgreSQL database deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" postgresVersion: - description: "Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`. Migrate your PostgreSQL database to switch from one version to another." + description: "Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`.\nMigrate your PostgreSQL database to switch from one version to another." type: "string" pvcClaimSize: - description: "Size of the persistent volume claim for database. Defaults to `1Gi`. To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed." + description: "Size of the persistent volume claim for database. Defaults to `1Gi`.\nTo update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed." type: "string" type: "object" devWorkspace: description: "DevWorkspace operator configuration" properties: controllerImage: - description: "Overrides the container image used in the DevWorkspace controller deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Overrides the container image used in the DevWorkspace controller deployment.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." type: "string" enable: - description: "Deploys the DevWorkspace Operator in the cluster. Does nothing when a matching version of the Operator is already installed. Fails when a non-matching version of the Operator is already installed." + description: "Deploys the DevWorkspace Operator in the cluster.\nDoes nothing when a matching version of the Operator is already installed.\nFails when a non-matching version of the Operator is already installed." type: "boolean" env: description: "List of environment variables to set in the DevWorkspace container." @@ -641,7 +661,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -653,7 +673,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -661,8 +681,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -673,8 +694,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -692,6 +714,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -699,7 +722,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -707,6 +730,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -717,12 +741,12 @@ spec: type: "string" secondsOfInactivityBeforeIdling: default: 1800 - description: "Idle timeout for workspaces in seconds. This timeout is the duration after which a workspace will be idled if there is no activity. To disable workspace idling due to inactivity, set this value to -1." + description: "Idle timeout for workspaces in seconds.\nThis timeout is the duration after which a workspace will be idled if there is no activity.\nTo disable workspace idling due to inactivity, set this value to -1." format: "int32" type: "integer" secondsOfRunBeforeIdling: default: -1 - description: "Run timeout for workspaces in seconds. This timeout is the maximum duration a workspace runs. To disable workspace run timeout, set this value to -1." + description: "Run timeout for workspaces in seconds.\nThis timeout is the maximum duration a workspace runs.\nTo disable workspace run timeout, set this value to -1." format: "int32" type: "integer" required: @@ -737,10 +761,10 @@ spec: description: "BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted)." properties: endpoint: - description: "Bitbucket server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/." + description: "Bitbucket server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/." + description: "Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.\nSee the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/\nand https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/." type: "string" required: - "secretName" @@ -752,10 +776,10 @@ spec: description: "GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise)." properties: endpoint: - description: "GitHub server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." + description: "GitHub server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." + description: "Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.\nSee the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." type: "string" required: - "secretName" @@ -767,10 +791,10 @@ spec: description: "GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted)." properties: endpoint: - description: "GitLab server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." + description: "GitLab server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." + description: "Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." type: "string" required: - "secretName" @@ -781,7 +805,7 @@ spec: description: "Kubernetes Image Puller configuration" properties: enable: - description: "Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided, it will create a default KubernetesImagePuller object to be managed by the Operator. When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled, regardless of whether a spec is provided. If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and pre-pulled after installation. Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported for pulling commercially-supported images." + description: "Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided,\nit will create a default KubernetesImagePuller object to be managed by the Operator.\nWhen set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled,\nregardless of whether a spec is provided.\nIf the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and\npre-pulled after installation.\nNote that while this Operator and its behavior is community-supported, its payload may be commercially-supported\nfor pulling commercially-supported images." type: "boolean" spec: description: "A KubernetesImagePullerSpec to configure the image puller in the CheCluster" @@ -820,13 +844,13 @@ spec: description: "Configuration settings specific to Che installations made on upstream Kubernetes." properties: ingressClass: - description: "Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses." + description: "Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`.\nNB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses." type: "string" ingressDomain: description: "Global ingress domain for a Kubernetes cluster. This MUST be explicitly specified: there are no defaults." type: "string" ingressStrategy: - description: "Deprecated. The value of this flag is ignored. Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence." + description: "Deprecated. The value of this flag is ignored.\nStrategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress),\n`single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules).\nDefaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section,\nwhich defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence." type: "string" securityContextFsGroup: description: "The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`." @@ -835,10 +859,10 @@ spec: description: "ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`." type: "string" singleHostExposureType: - description: "Deprecated. The value of this flag is ignored. When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`." + description: "Deprecated. The value of this flag is ignored.\nWhen the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property.\nThe possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s\nor `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik].\nAll the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`." type: "string" tlsSecretName: - description: "Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field." + description: "Name of a secret that will be used to setup ingress TLS termination when TLS is enabled.\nWhen the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field." type: "string" type: "object" metrics: @@ -852,40 +876,40 @@ spec: description: "General configuration settings related to the Che server, the plugin and devfile registries" properties: airGapContainerRegistryHostname: - description: "Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment." + description: "Optional host name, or URL, to an alternate container registry to pull images from.\nThis value overrides the container registry host name defined in all the default container images involved in a Che deployment.\nThis is particularly useful to install Che in a restricted environment." type: "string" airGapContainerRegistryOrganization: - description: "Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Eclipse Che in a restricted environment." + description: "Optional repository name of an alternate container registry to pull images from.\nThis value overrides the container registry organization defined in all the default container images involved in a Che deployment.\nThis is particularly useful to install Eclipse Che in a restricted environment." type: "string" allowAutoProvisionUserNamespace: - description: "Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator." + description: "Indicates if is allowed to automatically create a user namespace.\nIf it set to false, then user namespace must be pre-created by a cluster administrator." type: "boolean" allowUserDefinedWorkspaceNamespaces: - description: "Deprecated. The value of this flag is ignored. Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property." + description: "Deprecated. The value of this flag is ignored.\nDefines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default.\nIt's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property." type: "boolean" cheClusterRoles: - description: "A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them." + description: "A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount.\nEach role must have `app.kubernetes.io/part-of=che.eclipse.org` label.\nBe aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them." type: "string" cheDebug: description: "Enables the debug mode for Che server. Defaults to `false`." type: "string" cheFlavor: - description: "Deprecated. The value of this flag is ignored. Specifies a variation of the installation. The options are `che` for upstream Che installations or `devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation" + description: "Deprecated. The value of this flag is ignored.\nSpecifies a variation of the installation. The options are `che` for upstream Che installations or\n`devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation" type: "string" cheHost: - description: "Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field." + description: "Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator.\nSee the `cheHostTLSSecret` field." type: "string" cheHostTLSSecret: - description: "Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. See the `cheHost` field." + description: "Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server.\nThe secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.\nSee the `cheHost` field." type: "string" cheImage: - description: "Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Overrides the container image used in Che deployment. This does NOT include the container image tag.\nOmit it or leave it empty to use the default container image provided by the Operator." type: "string" cheImagePullPolicy: - description: "Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." + description: "Overrides the image pull policy used in Che deployment.\nDefault value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" cheImageTag: - description: "Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the default image tag provided by the Operator." + description: "Overrides the tag of the container image used in Che deployment.\nOmit it or leave it empty to use the default image tag provided by the Operator." type: "string" cheLogLevel: description: "Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`." @@ -899,7 +923,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -911,7 +935,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -919,8 +943,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -931,8 +956,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -950,6 +976,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -957,7 +984,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -965,6 +992,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -991,25 +1019,25 @@ spec: description: "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata." type: "object" domain: - description: "Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`." + description: "Operator uses the domain to generate a hostname for a route.\nIn a conjunction with labels it creates a route, which is served by a non-default Ingress controller.\nThe generated host name will follow this pattern: `-.`." type: "string" labels: description: "Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting." type: "string" type: "object" cheWorkspaceClusterRole: - description: "Custom cluster role bound to the user for the Che workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. The default roles are used when omitted or left blank." + description: "Custom cluster role bound to the user for the Che workspaces.\nThe role must have `app.kubernetes.io/part-of=che.eclipse.org` label.\nThe default roles are used when omitted or left blank." type: "string" customCheProperties: additionalProperties: type: "string" - description: "Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, the value defined in the `customCheProperties` is used instead." + description: "Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server,\nin addition to the values already generated from other fields of the `CheCluster` custom resource (CR).\nWhen `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields,\nthe value defined in the `customCheProperties` is used instead." type: "object" dashboardCpuLimit: - description: "Overrides the CPU limit used in the dashboard deployment. In cores. (500m = .5 cores). Default to 500m." + description: "Overrides the CPU limit used in the dashboard deployment.\nIn cores. (500m = .5 cores). Default to 500m." type: "string" dashboardCpuRequest: - description: "Overrides the CPU request used in the dashboard deployment. In cores. (500m = .5 cores). Default to 100m." + description: "Overrides the CPU request used in the dashboard deployment.\nIn cores. (500m = .5 cores). Default to 100m." type: "string" dashboardEnv: description: "List of environment variables to set in the dashboard container." @@ -1020,7 +1048,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1032,7 +1060,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1040,8 +1068,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1052,8 +1081,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1071,6 +1101,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -1078,7 +1109,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1086,19 +1117,20 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" type: "object" type: "array" dashboardImage: - description: "Overrides the container image used in the dashboard deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Overrides the container image used in the dashboard deployment.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." type: "string" dashboardImagePullPolicy: - description: "Overrides the image pull policy used in the dashboard deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." + description: "Overrides the image pull policy used in the dashboard deployment.\nDefault value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" dashboardIngress: - description: "Deprecated. The value of this flag is ignored. Dashboard ingress custom settings." + description: "Deprecated. The value of this flag is ignored.\nDashboard ingress custom settings." properties: annotations: additionalProperties: @@ -1116,7 +1148,7 @@ spec: description: "Overrides the memory request used in the dashboard deployment. Defaults to 16Mi." type: "string" dashboardRoute: - description: "Deprecated. The value of this flag is ignored. Dashboard route custom settings." + description: "Deprecated. The value of this flag is ignored.\nDashboard route custom settings." properties: annotations: additionalProperties: @@ -1124,17 +1156,17 @@ spec: description: "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata." type: "object" domain: - description: "Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`." + description: "Operator uses the domain to generate a hostname for a route.\nIn a conjunction with labels it creates a route, which is served by a non-default Ingress controller.\nThe generated host name will follow this pattern: `-.`." type: "string" labels: description: "Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting." type: "string" type: "object" devfileRegistryCpuLimit: - description: "Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m." + description: "Overrides the CPU limit used in the devfile registry deployment.\nIn cores. (500m = .5 cores). Default to 500m." type: "string" devfileRegistryCpuRequest: - description: "Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m." + description: "Overrides the CPU request used in the devfile registry deployment.\nIn cores. (500m = .5 cores). Default to 100m." type: "string" devfileRegistryEnv: description: "List of environment variables to set in the plugin registry container." @@ -1145,7 +1177,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1157,7 +1189,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1165,8 +1197,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1177,8 +1210,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1196,6 +1230,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -1203,7 +1238,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1211,16 +1246,17 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" type: "object" type: "array" devfileRegistryImage: - description: "Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Overrides the container image used in the devfile registry deployment.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." type: "string" devfileRegistryIngress: - description: "Deprecated. The value of this flag is ignored. The devfile registry ingress custom settings." + description: "Deprecated. The value of this flag is ignored.\nThe devfile registry ingress custom settings." properties: annotations: additionalProperties: @@ -1238,10 +1274,10 @@ spec: description: "Overrides the memory request used in the devfile registry deployment. Defaults to 16Mi." type: "string" devfileRegistryPullPolicy: - description: "Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." + description: "Overrides the image pull policy used in the devfile registry deployment.\nDefault value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" devfileRegistryRoute: - description: "Deprecated. The value of this flag is ignored. The devfile registry route custom settings." + description: "Deprecated. The value of this flag is ignored.\nThe devfile registry route custom settings." properties: annotations: additionalProperties: @@ -1249,7 +1285,7 @@ spec: description: "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata." type: "object" domain: - description: "Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`." + description: "Operator uses the domain to generate a hostname for a route.\nIn a conjunction with labels it creates a route, which is served by a non-default Ingress controller.\nThe generated host name will follow this pattern: `-.`." type: "string" labels: description: "Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting." @@ -1259,10 +1295,10 @@ spec: description: "Deprecated in favor of `externalDevfileRegistries` fields." type: "string" disableInternalClusterSVCNames: - description: "Deprecated. The value of this flag is ignored. Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues." + description: "Deprecated. The value of this flag is ignored.\nDisable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues." type: "boolean" externalDevfileRegistries: - description: "External devfile registries, that serves sample, ready-to-use devfiles. Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`) or instead of it (when `externalDevfileRegistry` is `true`)" + description: "External devfile registries, that serves sample, ready-to-use devfiles.\nConfigure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`)\nor instead of it (when `externalDevfileRegistry` is `true`)" items: description: "Settings for a configuration of the external devfile registries." properties: @@ -1272,25 +1308,25 @@ spec: type: "object" type: "array" externalDevfileRegistry: - description: "Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and configure at least one devfile registry with `externalDevfileRegistries` field." + description: "Instructs the Operator on whether to deploy a dedicated devfile registry server.\nBy default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`,\nno such dedicated server will be started by the Operator and configure at least one\ndevfile registry with `externalDevfileRegistries` field." type: "boolean" externalPluginRegistry: - description: "Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field." + description: "Instructs the Operator on whether to deploy a dedicated plugin registry server.\nBy default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server\nwill be started by the Operator and you will have to manually set the `pluginRegistryUrl` field." type: "boolean" gitSelfSignedCert: - description: "When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.\nNote, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "boolean" nonProxyHosts: - description: "List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields." + description: "List of hosts that will be reached directly, bypassing the proxy.\nSpecify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`\nOnly use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required,\nbut defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources.\nSee the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields." type: "string" openVSXRegistryURL: description: "Open VSX registry URL. If omitted an embedded instance will be used." type: "string" pluginRegistryCpuLimit: - description: "Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m." + description: "Overrides the CPU limit used in the plugin registry deployment.\nIn cores. (500m = .5 cores). Default to 500m." type: "string" pluginRegistryCpuRequest: - description: "Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m." + description: "Overrides the CPU request used in the plugin registry deployment.\nIn cores. (500m = .5 cores). Default to 100m." type: "string" pluginRegistryEnv: description: "List of environment variables to set in the devfile registry container." @@ -1301,7 +1337,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1313,7 +1349,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1321,8 +1357,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1333,8 +1370,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1352,6 +1390,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -1359,7 +1398,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1367,16 +1406,17 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" type: "object" type: "array" pluginRegistryImage: - description: "Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." + description: "Overrides the container image used in the plugin registry deployment.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator." type: "string" pluginRegistryIngress: - description: "Deprecated. The value of this flag is ignored. Plugin registry ingress custom settings." + description: "Deprecated. The value of this flag is ignored.\nPlugin registry ingress custom settings." properties: annotations: additionalProperties: @@ -1394,10 +1434,10 @@ spec: description: "Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi." type: "string" pluginRegistryPullPolicy: - description: "Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." + description: "Overrides the image pull policy used in the plugin registry deployment.\nDefault value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases." type: "string" pluginRegistryRoute: - description: "Deprecated. The value of this flag is ignored. Plugin registry route custom settings." + description: "Deprecated. The value of this flag is ignored.\nPlugin registry route custom settings." properties: annotations: additionalProperties: @@ -1405,41 +1445,41 @@ spec: description: "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata." type: "object" domain: - description: "Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`." + description: "Operator uses the domain to generate a hostname for a route.\nIn a conjunction with labels it creates a route, which is served by a non-default Ingress controller.\nThe generated host name will follow this pattern: `-.`." type: "string" labels: description: "Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting." type: "string" type: "object" pluginRegistryUrl: - description: "Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator." + description: "Public URL of the plugin registry that serves sample ready-to-use devfiles.\nSet this ONLY when a use of an external devfile registry is needed.\nSee the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator." type: "string" proxyPassword: - description: "Password of the proxy server. Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields." + description: "Password of the proxy server.\nOnly use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields." type: "string" proxyPort: description: "Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields." type: "string" proxySecret: - description: "The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored.\nThe secret must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" proxyURL: - description: "URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields." + description: "URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables\nin the Che server and workspaces containers.\nOnly use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration\nand no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration\nwith fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.\nSee the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields." type: "string" proxyUser: description: "User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields." type: "string" selfSignedCert: - description: "Deprecated. The value of this flag is ignored. The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server." + description: "Deprecated. The value of this flag is ignored.\nThe Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server." type: "boolean" serverCpuLimit: - description: "Overrides the CPU limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1." + description: "Overrides the CPU limit used in the Che server deployment\nIn cores. (500m = .5 cores). Default to 1." type: "string" serverCpuRequest: - description: "Overrides the CPU request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m." + description: "Overrides the CPU request used in the Che server deployment\nIn cores. (500m = .5 cores). Default to 100m." type: "string" serverExposureStrategy: - description: "Deprecated. The value of this flag is ignored. Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach." + description: "Deprecated. The value of this flag is ignored.\nSets the server and workspaces exposure type.\nPossible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint.\n`single-host` makes Che exposed on a single host name with workspaces exposed on subpaths.\nRead the docs to learn about the limitations of this approach.\nAlso consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes.\n`default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach." type: "string" serverMemoryLimit: description: "Overrides the memory limit used in the Che server deployment. Defaults to 1Gi." @@ -1448,7 +1488,7 @@ spec: description: "Overrides the memory request used in the Che server deployment. Defaults to 512Mi." type: "string" serverTrustStoreConfigMapName: - description: "Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "Name of the ConfigMap with public certificates to add to Java trust store of the Che server.\nThis is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert.\nThe Che server must be aware of its CA cert to be able to request it. This is disabled by default.\nThe Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" singleHostGatewayConfigMapLabels: additionalProperties: @@ -1468,7 +1508,7 @@ spec: description: "Deprecated in favor of `disableInternalClusterSVCNames`." type: "boolean" workspaceDefaultComponents: - description: "Default components applied to DevWorkspaces. These default components are meant to be used when a Devfile does not contain any components." + description: "Default components applied to DevWorkspaces.\nThese default components are meant to be used when a Devfile does not contain any components." items: properties: attributes: @@ -1504,12 +1544,12 @@ spec: type: "object" type: "object" args: - description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" command: - description: "The command to run in the dockerimage component instead of the default one provided in the image. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The command to run in the dockerimage component instead of the default one provided in the image.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" @@ -1518,7 +1558,7 @@ spec: cpuRequest: type: "string" dedicatedPod: - description: "Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. \n Default value is `false`" + description: "Specify if a container should run in its own separated pod,\ninstead of running as part of the main development environment pod.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1529,12 +1569,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1549,7 +1589,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1559,10 +1599,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1570,7 +1610,7 @@ spec: type: "object" type: "array" env: - description: "Environment variables used in this container. \n The following variables are reserved and cannot be overridden via env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`" + description: "Environment variables used in this container.\n\n\nThe following variables are reserved and cannot be overridden via env:\n\n\n - `$PROJECTS_ROOT`\n\n\n - `$PROJECT_SOURCE`" items: properties: name: @@ -1589,11 +1629,11 @@ spec: memoryRequest: type: "string" mountSources: - description: "Toggles whether or not the project source code should be mounted in the component. \n Defaults to true for all component types except plugins and components that set `dedicatedPod` to true." + description: "Toggles whether or not the project source code should\nbe mounted in the component.\n\n\nDefaults to true for all component types except plugins and components that set `dedicatedPod` to true." type: "boolean" sourceMapping: default: "/projects" - description: "Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used." + description: "Optional specification of the path in the container where\nproject sources should be transferred/mounted when `mountSources` is `true`.\nWhen omitted, the default value of /projects is used." type: "string" volumeMounts: description: "List of volumes mounts that should be mounted is this container." @@ -1601,12 +1641,12 @@ spec: description: "Volume that should be mounted to a component container" properties: name: - description: "The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files." + description: "The volume mount name is the name of an existing `Volume` component.\nIf several containers mount the same volume name\nthen they will reuse the same volume and will be able to access to the same files." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" path: - description: "The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`." + description: "The path in the component container where the volume should be mounted.\nIf not path is mentioned, default path is the is `/`." type: "string" required: - "name" @@ -1616,13 +1656,13 @@ spec: - "image" type: "object" custom: - description: "Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller" + description: "Custom component whose logic is implementation-dependant\nand should be provided by the user\npossibly through some dedicated controller" properties: componentClass: - description: "Class of component that the associated implementation controller should use to process this command with the appropriate logic" + description: "Class of component that the associated implementation controller\nshould use to process this command with the appropriate logic" type: "string" embeddedResource: - description: "Additional free-form configuration for this custom component that the implementation controller will know how to use" + description: "Additional free-form configuration for this custom component\nthat the implementation controller will know how to use" type: "object" x-kubernetes-embedded-resource: true x-kubernetes-preserve-unknown-fields: true @@ -1634,7 +1674,7 @@ spec: description: "Allows specifying the definition of an image for outer loop builds" properties: autoBuild: - description: "Defines if the image should be built during startup. \n Default value is `false`" + description: "Defines if the image should be built during startup.\n\n\nDefault value is `false`" type: "boolean" dockerfile: description: "Allows specifying dockerfile type build" @@ -1651,10 +1691,10 @@ spec: description: "Dockerfile's Devfile Registry source" properties: id: - description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image." + description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry\nrequired for the Dockerfile build will be downloaded for building the image." type: "string" registryUrl: - description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used." + description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.\nTo ensure the Dockerfile gets resolved consistently in different environments,\nit is recommended to always specify the `devfileRegistryUrl` when `Id` is used." type: "string" required: - "id" @@ -1669,22 +1709,22 @@ spec: description: "The remote name should be used as init. Required if there are more than one remote configured" type: "string" revision: - description: "The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found." + description: "The revision to checkout from. Should be branch name, tag or commit id.\nDefault branch is used if missing or specified revision is not found." type: "string" type: "object" fileLocation: - description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile." + description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src.\nDefaults to Dockerfile." type: "string" remotes: additionalProperties: type: "string" - description: "The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." + description: "The remotes map which should be initialized in the git project.\nProjects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." type: "object" required: - "remotes" type: "object" rootRequired: - description: "Specify if a privileged builder pod is required. \n Default value is `false`" + description: "Specify if a privileged builder pod is required.\n\n\nDefault value is `false`" type: "boolean" srcType: description: "Type of Dockerfile src" @@ -1694,7 +1734,7 @@ spec: - "Git" type: "string" uri: - description: "URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI." + description: "URI Reference of a Dockerfile.\nIt can be a full URL or a relative URI from the current devfile as the base URI." type: "string" type: "object" imageName: @@ -1709,10 +1749,10 @@ spec: - "imageName" type: "object" kubernetes: - description: "Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the Kubernetes resources\ndefined in a given manifest. For example this allows reusing the Kubernetes\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1723,12 +1763,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1743,7 +1783,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1753,10 +1793,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1777,15 +1817,15 @@ spec: type: "string" type: "object" name: - description: "Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin." + description: "Mandatory name that allows referencing the component\nfrom other elements (such as commands) or from an external\ndevfile that may reference this component through a parent or a plugin." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" openshift: - description: "Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the OpenShift resources\ndefined in a given manifest. For example this allows reusing the OpenShift\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1796,12 +1836,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1816,7 +1856,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1826,10 +1866,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1850,14 +1890,14 @@ spec: type: "string" type: "object" plugin: - description: "Allows importing a plugin. \n Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources" + description: "Allows importing a plugin.\n\n\nPlugins are mainly imported devfiles that contribute components, commands\nand events as a consistent single unit. They are defined in either YAML files\nfollowing the devfile syntax,\nor as `DevWorkspaceTemplate` Kubernetes Custom Resources" properties: commands: - description: "Overrides of commands encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules." + description: "Overrides of commands encapsulated in a parent devfile or a plugin.\nOverriding is done according to K8S strategic merge patch standard rules." items: properties: apply: - description: "Command that consists in applying a given component definition, typically bound to a devworkspace event. \n For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. \n When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false." + description: "Command that consists in applying a given component definition,\ntypically bound to a devworkspace event.\n\n\nFor example, when an `apply` command is bound to a `preStart` event,\nand references a `container` component, it will start the container as a\nK8S initContainer in the devworkspace POD, unless the component has its\n`dedicatedPod` field set to `true`.\n\n\nWhen no `apply` command exist for a given component,\nit is assumed the component will be applied at devworkspace start\nby default, unless `deployByDefault` for that component is set to false." properties: component: description: "Describes component that will be applied" @@ -1879,7 +1919,7 @@ spec: type: "string" type: "object" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" type: "object" attributes: @@ -1894,7 +1934,7 @@ spec: - "Composite" type: "string" composite: - description: "Composite command that allows executing several sub-commands either sequentially or concurrently" + description: "Composite command that allows executing several sub-commands\neither sequentially or concurrently" properties: commands: description: "The commands that comprise this composite command" @@ -1918,7 +1958,7 @@ spec: type: "string" type: "object" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" parallel: description: "Indicates if the sub-commands should be executed concurrently" @@ -1928,13 +1968,13 @@ spec: description: "CLI Command executed in an existing component container" properties: commandLine: - description: "The actual command-line string \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + description: "The actual command-line string\n\n\nSpecial variables that can be used:\n\n\n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.\n\n\n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." type: "string" component: description: "Describes component to which given action relates" type: "string" env: - description: "Optional list of environment variables that have to be set before running the command" + description: "Optional list of environment variables that have to be set\nbefore running the command" items: properties: name: @@ -1962,17 +2002,17 @@ spec: type: "string" type: "object" hotReloadCapable: - description: "Specify whether the command is restarted or not when the source code changes. If set to `true` the command won't be restarted. A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. \n Default value is `false`" + description: "Specify whether the command is restarted or not when the source code changes.\nIf set to `true` the command won't be restarted.\nA *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted.\nA *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again.\nThis field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`.\n\n\nDefault value is `false`" type: "boolean" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" workingDir: - description: "Working directory where the command should be executed \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + description: "Working directory where the command should be executed\n\n\nSpecial variables that can be used:\n\n\n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.\n\n\n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." type: "string" type: "object" id: - description: "Mandatory identifier that allows referencing this command in composite commands, from a parent, or in events." + description: "Mandatory identifier that allows referencing\nthis command in composite commands, from\na parent, or in events." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" @@ -1981,7 +2021,7 @@ spec: type: "object" type: "array" components: - description: "Overrides of components encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules." + description: "Overrides of components encapsulated in a parent devfile or a plugin.\nOverriding is done according to K8S strategic merge patch standard rules." items: properties: attributes: @@ -2015,12 +2055,12 @@ spec: type: "object" type: "object" args: - description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" command: - description: "The command to run in the dockerimage component instead of the default one provided in the image. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The command to run in the dockerimage component instead of the default one provided in the image.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" @@ -2029,7 +2069,7 @@ spec: cpuRequest: type: "string" dedicatedPod: - description: "Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. \n Default value is `false`" + description: "Specify if a container should run in its own separated pod,\ninstead of running as part of the main development environment pod.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -2040,11 +2080,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -2058,7 +2098,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -2068,17 +2108,17 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" type: "object" type: "array" env: - description: "Environment variables used in this container. \n The following variables are reserved and cannot be overridden via env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`" + description: "Environment variables used in this container.\n\n\nThe following variables are reserved and cannot be overridden via env:\n\n\n - `$PROJECTS_ROOT`\n\n\n - `$PROJECT_SOURCE`" items: properties: name: @@ -2096,10 +2136,10 @@ spec: memoryRequest: type: "string" mountSources: - description: "Toggles whether or not the project source code should be mounted in the component. \n Defaults to true for all component types except plugins and components that set `dedicatedPod` to true." + description: "Toggles whether or not the project source code should\nbe mounted in the component.\n\n\nDefaults to true for all component types except plugins and components that set `dedicatedPod` to true." type: "boolean" sourceMapping: - description: "Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used." + description: "Optional specification of the path in the container where\nproject sources should be transferred/mounted when `mountSources` is `true`.\nWhen omitted, the default value of /projects is used." type: "string" volumeMounts: description: "List of volumes mounts that should be mounted is this container." @@ -2107,12 +2147,12 @@ spec: description: "Volume that should be mounted to a component container" properties: name: - description: "The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files." + description: "The volume mount name is the name of an existing `Volume` component.\nIf several containers mount the same volume name\nthen they will reuse the same volume and will be able to access to the same files." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" path: - description: "The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`." + description: "The path in the component container where the volume should be mounted.\nIf not path is mentioned, default path is the is `/`." type: "string" required: - "name" @@ -2123,7 +2163,7 @@ spec: description: "Allows specifying the definition of an image for outer loop builds" properties: autoBuild: - description: "Defines if the image should be built during startup. \n Default value is `false`" + description: "Defines if the image should be built during startup.\n\n\nDefault value is `false`" type: "boolean" dockerfile: description: "Allows specifying dockerfile type build" @@ -2140,10 +2180,10 @@ spec: description: "Dockerfile's Devfile Registry source" properties: id: - description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image." + description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry\nrequired for the Dockerfile build will be downloaded for building the image." type: "string" registryUrl: - description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used." + description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.\nTo ensure the Dockerfile gets resolved consistently in different environments,\nit is recommended to always specify the `devfileRegistryUrl` when `Id` is used." type: "string" type: "object" git: @@ -2156,20 +2196,20 @@ spec: description: "The remote name should be used as init. Required if there are more than one remote configured" type: "string" revision: - description: "The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found." + description: "The revision to checkout from. Should be branch name, tag or commit id.\nDefault branch is used if missing or specified revision is not found." type: "string" type: "object" fileLocation: - description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile." + description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src.\nDefaults to Dockerfile." type: "string" remotes: additionalProperties: type: "string" - description: "The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." + description: "The remotes map which should be initialized in the git project.\nProjects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." type: "object" type: "object" rootRequired: - description: "Specify if a privileged builder pod is required. \n Default value is `false`" + description: "Specify if a privileged builder pod is required.\n\n\nDefault value is `false`" type: "boolean" srcType: description: "Type of Dockerfile src" @@ -2179,7 +2219,7 @@ spec: - "Git" type: "string" uri: - description: "URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI." + description: "URI Reference of a Dockerfile.\nIt can be a full URL or a relative URI from the current devfile as the base URI." type: "string" type: "object" imageName: @@ -2193,10 +2233,10 @@ spec: type: "string" type: "object" kubernetes: - description: "Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the Kubernetes resources\ndefined in a given manifest. For example this allows reusing the Kubernetes\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -2207,11 +2247,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -2225,7 +2265,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -2235,10 +2275,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -2258,15 +2298,15 @@ spec: type: "string" type: "object" name: - description: "Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin." + description: "Mandatory name that allows referencing the component\nfrom other elements (such as commands) or from an external\ndevfile that may reference this component through a parent or a plugin." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" openshift: - description: "Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the OpenShift resources\ndefined in a given manifest. For example this allows reusing the OpenShift\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -2277,11 +2317,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -2295,7 +2335,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -2305,10 +2345,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -2328,10 +2368,10 @@ spec: type: "string" type: "object" volume: - description: "Allows specifying the definition of a volume shared by several other components" + description: "Allows specifying the definition of a volume\nshared by several other components" properties: ephemeral: - description: "Ephemeral volumes are not stored persistently across restarts. Defaults to false" + description: "Ephemeral volumes are not stored persistently across restarts. Defaults\nto false" type: "boolean" size: description: "Size of the volume" @@ -2362,21 +2402,21 @@ spec: - "name" type: "object" registryUrl: - description: "Registry URL to pull the parent devfile from when using id in the parent reference. To ensure the parent devfile gets resolved consistently in different environments, it is recommended to always specify the `registryUrl` when `id` is used." + description: "Registry URL to pull the parent devfile from when using id in the parent reference.\nTo ensure the parent devfile gets resolved consistently in different environments,\nit is recommended to always specify the `registryUrl` when `id` is used." type: "string" uri: - description: "URI Reference of a parent devfile YAML file. It can be a full URL or a relative URI with the current devfile as the base URI." + description: "URI Reference of a parent devfile YAML file.\nIt can be a full URL or a relative URI with the current devfile as the base URI." type: "string" version: - description: "Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. To specify `version`, `id` must be defined and used as the import reference source. `version` can be either a specific stack version, or `latest`. If no `version` specified, default version will be used." + description: "Specific stack/sample version to pull the parent devfile from, when using id in the parent reference.\nTo specify `version`, `id` must be defined and used as the import reference source.\n`version` can be either a specific stack version, or `latest`.\nIf no `version` specified, default version will be used." pattern: "^(latest)|(([1-9])\\.([0-9]+)\\.([0-9]+)(\\-[0-9a-z-]+(\\.[0-9a-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?)$" type: "string" type: "object" volume: - description: "Allows specifying the definition of a volume shared by several other components" + description: "Allows specifying the definition of a volume\nshared by several other components" properties: ephemeral: - description: "Ephemeral volumes are not stored persistently across restarts. Defaults to false" + description: "Ephemeral volumes are not stored persistently across restarts. Defaults\nto false" type: "boolean" size: description: "Size of the volume" @@ -2388,10 +2428,10 @@ spec: type: "array" workspaceDefaultEditor: default: "che-incubator/che-code/latest" - description: "The default editor to workspace create with. It could be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version`. The URI must start from `http`." + description: "The default editor to workspace create with. It could be a plugin ID or a URI.\nThe plugin ID must have `publisher/plugin/version`.\nThe URI must start from `http`." type: "string" workspaceNamespaceDefault: - description: "Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. It's possible to use ``, `` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace." + description: "Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it.\nIt's possible to use ``, `` and `` placeholders, such as che-workspace-.\nIn that case, a new namespace will be created for each user or workspace." type: "string" workspacePodNodeSelector: additionalProperties: @@ -2401,23 +2441,23 @@ spec: workspacePodTolerations: description: "The pod tolerations put on the workspace pods to limit where the workspace pods can run." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -2449,16 +2489,16 @@ spec: description: "Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. When omitted or left blank, a default storage class is used." type: "string" preCreateSubPaths: - description: "Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster." + description: "Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes.\nDefaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster." type: "boolean" pvcClaimSize: description: "Size of the persistent volume claim for workspaces. Defaults to `10Gi`." type: "string" pvcJobsImage: - description: "Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field." + description: "Overrides the container image used to create sub-paths in the Persistent Volumes.\nThis includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field." type: "string" pvcStrategy: - description: "Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`." + description: "Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume),\n`per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`." type: "string" workspacePVCStorageClassName: description: "Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used." @@ -2487,10 +2527,10 @@ spec: description: "The status of the Devworkspace subsystem" properties: gatewayHost: - description: "GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift." + description: "GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec\non Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift." type: "string" gatewayPhase: - description: "GatewayPhase specifies the phase in which the gateway deployment currently is. If the gateway is disabled, the phase is \"Inactive\"." + description: "GatewayPhase specifies the phase in which the gateway deployment currently is.\nIf the gateway is disabled, the phase is \"Inactive\"." type: "string" message: description: "Message contains further human-readable info for why the Che cluster is in the phase it currently is." @@ -2502,7 +2542,7 @@ spec: description: "A brief CamelCase message indicating details about why the Che cluster is in this state." type: "string" workspaceBaseDomain: - description: "The resolved workspace base domain. This is either the copy of the explicitly defined property of the same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically resolved basedomain for routes." + description: "The resolved workspace base domain. This is either the copy of the explicitly defined property of the\nsame name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically\nresolved basedomain for routes." type: "string" type: "object" gitHubOAuthProvisioned: @@ -2541,9 +2581,3 @@ spec: storage: false subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml index 412e3eb0a..5c0c3977a 100644 --- a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml +++ b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "checlusters.org.eclipse.che" spec: group: "org.eclipse.che" @@ -16,13 +16,13 @@ spec: - name: "v2" schema: openAPIV3Schema: - description: "The `CheCluster` custom resource allows defining and managing Eclipse Che server installation. Based on these settings, the Operator automatically creates and maintains several ConfigMaps: `che`, `plugin-registry`, `devfile-registry` that will contain the appropriate environment variables of the various components of the installation. These generated ConfigMaps must NOT be updated manually." + description: "The `CheCluster` custom resource allows defining and managing Eclipse Che server installation.\nBased on these settings, the Operator automatically creates and maintains several ConfigMaps:\n`che`, `plugin-registry`, `devfile-registry` that will contain the appropriate environment variables\nof the various components of the installation. These generated ConfigMaps must NOT be updated manually." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -45,7 +45,7 @@ spec: description: "General configuration settings related to the Che server." properties: clusterRoles: - description: "Additional ClusterRoles assigned to Che ServiceAccount. Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` label. The defaults roles are: - `-cheworkspaces-clusterrole` - `-cheworkspaces-namespaces-clusterrole` - `-cheworkspaces-devworkspace-clusterrole` where the is the namespace where the CheCluster CR is created. The Che Operator must already have all permissions in these ClusterRoles to grant them." + description: "Additional ClusterRoles assigned to Che ServiceAccount.\nEach role must have a `app.kubernetes.io/part-of=che.eclipse.org` label.\nThe defaults roles are:\n- `-cheworkspaces-clusterrole`\n- `-cheworkspaces-namespaces-clusterrole`\n- `-cheworkspaces-devworkspace-clusterrole`\nwhere the is the namespace where the CheCluster CR is created.\nThe Che Operator must already have all permissions in these ClusterRoles to grant them." items: type: "string" type: "array" @@ -70,7 +70,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -82,7 +82,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -90,8 +90,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -102,8 +103,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -121,6 +123,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -128,7 +131,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -136,6 +139,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -164,14 +168,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -182,14 +186,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -212,20 +216,20 @@ spec: extraProperties: additionalProperties: type: "string" - description: "A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields, the value defined in the `extraProperties` is used instead." + description: "A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server\nin addition to the values already generated from other fields of the `CheCluster` custom resource (CR).\nIf the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields,\nthe value defined in the `extraProperties` is used instead." type: "object" logLevel: default: "INFO" description: "The log level for the Che server: `INFO` or `DEBUG`." type: "string" proxy: - description: "Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration." + description: "Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster.\nBy specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration." properties: credentialsSecretName: - description: "The secret name that contains `user` and `password` for a proxy server. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "The secret name that contains `user` and `password` for a proxy server.\nThe secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" nonProxyHosts: - description: "A list of hosts that can be reached directly, bypassing the proxy. Specify wild card domain use the following form `.`, for example: - localhost - my.host.com - 123.42.12.32 Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html." + description: "A list of hosts that can be reached directly, bypassing the proxy.\nSpecify wild card domain use the following form `.`, for example:\n - localhost\n - my.host.com\n - 123.42.12.32\nUse only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,\ndefining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources.\nSee the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html." items: type: "string" type: "array" @@ -233,7 +237,7 @@ spec: description: "Proxy server port." type: "string" url: - description: "URL (protocol+hostname) of the proxy server. Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, defining `url` in a custom resource leads to overriding the cluster proxy configuration. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html." + description: "URL (protocol+hostname) of the proxy server.\nUse only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,\ndefining `url` in a custom resource leads to overriding the cluster proxy configuration.\nSee the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html." type: "string" type: "object" type: "object" @@ -272,7 +276,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -284,7 +288,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -292,8 +296,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -304,8 +309,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -323,6 +329,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -330,7 +337,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -338,6 +345,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -366,14 +374,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -384,14 +392,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -438,7 +446,7 @@ spec: description: "DevWorkspace Operator configuration." properties: runningLimit: - description: "Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser` The maximum number of running workspaces per user." + description: "Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser`\nThe maximum number of running workspaces per user." type: "string" type: "object" devfileRegistry: @@ -461,7 +469,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -473,7 +481,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -481,8 +489,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -493,8 +502,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -512,6 +522,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -519,7 +530,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -527,6 +538,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -555,14 +567,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -573,14 +585,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -618,7 +630,7 @@ spec: description: "Kubernetes Image Puller configuration." properties: enable: - description: "Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs, it creates a default Kubernetes Image Puller object managed by the Operator. When you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled, regardless of whether a spec is provided. If you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and pre-pulled after installation. Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported for pulling commercially-supported images." + description: "Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs,\nit creates a default Kubernetes Image Puller object managed by the Operator.\nWhen you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled,\nregardless of whether a spec is provided.\nIf you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and\npre-pulled after installation.\nNote that while this Operator and its behavior is community-supported, its payload may be commercially-supported\nfor pulling commercially-supported images." type: "boolean" spec: description: "A Kubernetes Image Puller spec to configure the image puller in the CheCluster." @@ -681,7 +693,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -693,7 +705,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -701,8 +713,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -713,8 +726,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -732,6 +746,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -739,7 +754,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -747,6 +762,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -775,14 +791,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -793,14 +809,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -842,10 +858,10 @@ spec: description: "Configuration of an alternative registry that stores Che images." properties: hostname: - description: "An optional hostname or URL of an alternative container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful for installing Che in a restricted environment." + description: "An optional hostname or URL of an alternative container registry to pull images from.\nThis value overrides the container registry hostname defined in all the default container images involved in a Che deployment.\nThis is particularly useful for installing Che in a restricted environment." type: "string" organization: - description: "An optional repository name of an alternative registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful for installing Eclipse Che in a restricted environment." + description: "An optional repository name of an alternative registry to pull images from.\nThis value overrides the container registry organization defined in all the default container images involved in a Che deployment.\nThis is particularly useful for installing Eclipse Che in a restricted environment." type: "string" type: "object" devEnvironments: @@ -870,7 +886,7 @@ spec: type: "string" type: "object" defaultComponents: - description: "Default components applied to DevWorkspaces. These default components are meant to be used when a Devfile, that does not contain any components." + description: "Default components applied to DevWorkspaces.\nThese default components are meant to be used when a Devfile, that does not contain any components." items: properties: attributes: @@ -906,12 +922,12 @@ spec: type: "object" type: "object" args: - description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" command: - description: "The command to run in the dockerimage component instead of the default one provided in the image. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The command to run in the dockerimage component instead of the default one provided in the image.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" @@ -920,7 +936,7 @@ spec: cpuRequest: type: "string" dedicatedPod: - description: "Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. \n Default value is `false`" + description: "Specify if a container should run in its own separated pod,\ninstead of running as part of the main development environment pod.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -931,12 +947,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -951,7 +967,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -961,10 +977,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -972,7 +988,7 @@ spec: type: "object" type: "array" env: - description: "Environment variables used in this container. \n The following variables are reserved and cannot be overridden via env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`" + description: "Environment variables used in this container.\n\n\nThe following variables are reserved and cannot be overridden via env:\n\n\n - `$PROJECTS_ROOT`\n\n\n - `$PROJECT_SOURCE`" items: properties: name: @@ -991,11 +1007,11 @@ spec: memoryRequest: type: "string" mountSources: - description: "Toggles whether or not the project source code should be mounted in the component. \n Defaults to true for all component types except plugins and components that set `dedicatedPod` to true." + description: "Toggles whether or not the project source code should\nbe mounted in the component.\n\n\nDefaults to true for all component types except plugins and components that set `dedicatedPod` to true." type: "boolean" sourceMapping: default: "/projects" - description: "Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used." + description: "Optional specification of the path in the container where\nproject sources should be transferred/mounted when `mountSources` is `true`.\nWhen omitted, the default value of /projects is used." type: "string" volumeMounts: description: "List of volumes mounts that should be mounted is this container." @@ -1003,12 +1019,12 @@ spec: description: "Volume that should be mounted to a component container" properties: name: - description: "The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files." + description: "The volume mount name is the name of an existing `Volume` component.\nIf several containers mount the same volume name\nthen they will reuse the same volume and will be able to access to the same files." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" path: - description: "The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`." + description: "The path in the component container where the volume should be mounted.\nIf not path is mentioned, default path is the is `/`." type: "string" required: - "name" @@ -1018,13 +1034,13 @@ spec: - "image" type: "object" custom: - description: "Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller" + description: "Custom component whose logic is implementation-dependant\nand should be provided by the user\npossibly through some dedicated controller" properties: componentClass: - description: "Class of component that the associated implementation controller should use to process this command with the appropriate logic" + description: "Class of component that the associated implementation controller\nshould use to process this command with the appropriate logic" type: "string" embeddedResource: - description: "Additional free-form configuration for this custom component that the implementation controller will know how to use" + description: "Additional free-form configuration for this custom component\nthat the implementation controller will know how to use" type: "object" x-kubernetes-embedded-resource: true x-kubernetes-preserve-unknown-fields: true @@ -1036,7 +1052,7 @@ spec: description: "Allows specifying the definition of an image for outer loop builds" properties: autoBuild: - description: "Defines if the image should be built during startup. \n Default value is `false`" + description: "Defines if the image should be built during startup.\n\n\nDefault value is `false`" type: "boolean" dockerfile: description: "Allows specifying dockerfile type build" @@ -1053,10 +1069,10 @@ spec: description: "Dockerfile's Devfile Registry source" properties: id: - description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image." + description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry\nrequired for the Dockerfile build will be downloaded for building the image." type: "string" registryUrl: - description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used." + description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.\nTo ensure the Dockerfile gets resolved consistently in different environments,\nit is recommended to always specify the `devfileRegistryUrl` when `Id` is used." type: "string" required: - "id" @@ -1071,22 +1087,22 @@ spec: description: "The remote name should be used as init. Required if there are more than one remote configured" type: "string" revision: - description: "The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found." + description: "The revision to checkout from. Should be branch name, tag or commit id.\nDefault branch is used if missing or specified revision is not found." type: "string" type: "object" fileLocation: - description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile." + description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src.\nDefaults to Dockerfile." type: "string" remotes: additionalProperties: type: "string" - description: "The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." + description: "The remotes map which should be initialized in the git project.\nProjects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." type: "object" required: - "remotes" type: "object" rootRequired: - description: "Specify if a privileged builder pod is required. \n Default value is `false`" + description: "Specify if a privileged builder pod is required.\n\n\nDefault value is `false`" type: "boolean" srcType: description: "Type of Dockerfile src" @@ -1096,7 +1112,7 @@ spec: - "Git" type: "string" uri: - description: "URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI." + description: "URI Reference of a Dockerfile.\nIt can be a full URL or a relative URI from the current devfile as the base URI." type: "string" type: "object" imageName: @@ -1111,10 +1127,10 @@ spec: - "imageName" type: "object" kubernetes: - description: "Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the Kubernetes resources\ndefined in a given manifest. For example this allows reusing the Kubernetes\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1125,12 +1141,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1145,7 +1161,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1155,10 +1171,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1179,15 +1195,15 @@ spec: type: "string" type: "object" name: - description: "Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin." + description: "Mandatory name that allows referencing the component\nfrom other elements (such as commands) or from an external\ndevfile that may reference this component through a parent or a plugin." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" openshift: - description: "Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the OpenShift resources\ndefined in a given manifest. For example this allows reusing the OpenShift\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1198,12 +1214,12 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: default: "public" - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1218,7 +1234,7 @@ spec: type: "string" protocol: default: "http" - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1228,10 +1244,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1252,14 +1268,14 @@ spec: type: "string" type: "object" plugin: - description: "Allows importing a plugin. \n Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources" + description: "Allows importing a plugin.\n\n\nPlugins are mainly imported devfiles that contribute components, commands\nand events as a consistent single unit. They are defined in either YAML files\nfollowing the devfile syntax,\nor as `DevWorkspaceTemplate` Kubernetes Custom Resources" properties: commands: - description: "Overrides of commands encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules." + description: "Overrides of commands encapsulated in a parent devfile or a plugin.\nOverriding is done according to K8S strategic merge patch standard rules." items: properties: apply: - description: "Command that consists in applying a given component definition, typically bound to a devworkspace event. \n For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. \n When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false." + description: "Command that consists in applying a given component definition,\ntypically bound to a devworkspace event.\n\n\nFor example, when an `apply` command is bound to a `preStart` event,\nand references a `container` component, it will start the container as a\nK8S initContainer in the devworkspace POD, unless the component has its\n`dedicatedPod` field set to `true`.\n\n\nWhen no `apply` command exist for a given component,\nit is assumed the component will be applied at devworkspace start\nby default, unless `deployByDefault` for that component is set to false." properties: component: description: "Describes component that will be applied" @@ -1281,7 +1297,7 @@ spec: type: "string" type: "object" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" type: "object" attributes: @@ -1296,7 +1312,7 @@ spec: - "Composite" type: "string" composite: - description: "Composite command that allows executing several sub-commands either sequentially or concurrently" + description: "Composite command that allows executing several sub-commands\neither sequentially or concurrently" properties: commands: description: "The commands that comprise this composite command" @@ -1320,7 +1336,7 @@ spec: type: "string" type: "object" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" parallel: description: "Indicates if the sub-commands should be executed concurrently" @@ -1330,13 +1346,13 @@ spec: description: "CLI Command executed in an existing component container" properties: commandLine: - description: "The actual command-line string \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + description: "The actual command-line string\n\n\nSpecial variables that can be used:\n\n\n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.\n\n\n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." type: "string" component: description: "Describes component to which given action relates" type: "string" env: - description: "Optional list of environment variables that have to be set before running the command" + description: "Optional list of environment variables that have to be set\nbefore running the command" items: properties: name: @@ -1364,17 +1380,17 @@ spec: type: "string" type: "object" hotReloadCapable: - description: "Specify whether the command is restarted or not when the source code changes. If set to `true` the command won't be restarted. A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. \n Default value is `false`" + description: "Specify whether the command is restarted or not when the source code changes.\nIf set to `true` the command won't be restarted.\nA *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted.\nA *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again.\nThis field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`.\n\n\nDefault value is `false`" type: "boolean" label: - description: "Optional label that provides a label for this command to be used in Editor UI menus for example" + description: "Optional label that provides a label for this command\nto be used in Editor UI menus for example" type: "string" workingDir: - description: "Working directory where the command should be executed \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + description: "Working directory where the command should be executed\n\n\nSpecial variables that can be used:\n\n\n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.\n\n\n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." type: "string" type: "object" id: - description: "Mandatory identifier that allows referencing this command in composite commands, from a parent, or in events." + description: "Mandatory identifier that allows referencing\nthis command in composite commands, from\na parent, or in events." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" @@ -1383,7 +1399,7 @@ spec: type: "object" type: "array" components: - description: "Overrides of components encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules." + description: "Overrides of components encapsulated in a parent devfile or a plugin.\nOverriding is done according to K8S strategic merge patch standard rules." items: properties: attributes: @@ -1417,12 +1433,12 @@ spec: type: "object" type: "object" args: - description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" command: - description: "The command to run in the dockerimage component instead of the default one provided in the image. \n Defaults to an empty array, meaning use whatever is defined in the image." + description: "The command to run in the dockerimage component instead of the default one provided in the image.\n\n\nDefaults to an empty array, meaning use whatever is defined in the image." items: type: "string" type: "array" @@ -1431,7 +1447,7 @@ spec: cpuRequest: type: "string" dedicatedPod: - description: "Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. \n Default value is `false`" + description: "Specify if a container should run in its own separated pod,\ninstead of running as part of the main development environment pod.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1442,11 +1458,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1460,7 +1476,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1470,17 +1486,17 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" type: "object" type: "array" env: - description: "Environment variables used in this container. \n The following variables are reserved and cannot be overridden via env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`" + description: "Environment variables used in this container.\n\n\nThe following variables are reserved and cannot be overridden via env:\n\n\n - `$PROJECTS_ROOT`\n\n\n - `$PROJECT_SOURCE`" items: properties: name: @@ -1498,10 +1514,10 @@ spec: memoryRequest: type: "string" mountSources: - description: "Toggles whether or not the project source code should be mounted in the component. \n Defaults to true for all component types except plugins and components that set `dedicatedPod` to true." + description: "Toggles whether or not the project source code should\nbe mounted in the component.\n\n\nDefaults to true for all component types except plugins and components that set `dedicatedPod` to true." type: "boolean" sourceMapping: - description: "Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used." + description: "Optional specification of the path in the container where\nproject sources should be transferred/mounted when `mountSources` is `true`.\nWhen omitted, the default value of /projects is used." type: "string" volumeMounts: description: "List of volumes mounts that should be mounted is this container." @@ -1509,12 +1525,12 @@ spec: description: "Volume that should be mounted to a component container" properties: name: - description: "The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files." + description: "The volume mount name is the name of an existing `Volume` component.\nIf several containers mount the same volume name\nthen they will reuse the same volume and will be able to access to the same files." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" path: - description: "The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`." + description: "The path in the component container where the volume should be mounted.\nIf not path is mentioned, default path is the is `/`." type: "string" required: - "name" @@ -1525,7 +1541,7 @@ spec: description: "Allows specifying the definition of an image for outer loop builds" properties: autoBuild: - description: "Defines if the image should be built during startup. \n Default value is `false`" + description: "Defines if the image should be built during startup.\n\n\nDefault value is `false`" type: "boolean" dockerfile: description: "Allows specifying dockerfile type build" @@ -1542,10 +1558,10 @@ spec: description: "Dockerfile's Devfile Registry source" properties: id: - description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image." + description: "Id in a devfile registry that contains a Dockerfile. The src in the OCI registry\nrequired for the Dockerfile build will be downloaded for building the image." type: "string" registryUrl: - description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used." + description: "Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.\nTo ensure the Dockerfile gets resolved consistently in different environments,\nit is recommended to always specify the `devfileRegistryUrl` when `Id` is used." type: "string" type: "object" git: @@ -1558,20 +1574,20 @@ spec: description: "The remote name should be used as init. Required if there are more than one remote configured" type: "string" revision: - description: "The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found." + description: "The revision to checkout from. Should be branch name, tag or commit id.\nDefault branch is used if missing or specified revision is not found." type: "string" type: "object" fileLocation: - description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile." + description: "Location of the Dockerfile in the Git repository when using git as Dockerfile src.\nDefaults to Dockerfile." type: "string" remotes: additionalProperties: type: "string" - description: "The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." + description: "The remotes map which should be initialized in the git project.\nProjects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured." type: "object" type: "object" rootRequired: - description: "Specify if a privileged builder pod is required. \n Default value is `false`" + description: "Specify if a privileged builder pod is required.\n\n\nDefault value is `false`" type: "boolean" srcType: description: "Type of Dockerfile src" @@ -1581,7 +1597,7 @@ spec: - "Git" type: "string" uri: - description: "URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI." + description: "URI Reference of a Dockerfile.\nIt can be a full URL or a relative URI from the current devfile as the base URI." type: "string" type: "object" imageName: @@ -1595,10 +1611,10 @@ spec: type: "string" type: "object" kubernetes: - description: "Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the Kubernetes resources\ndefined in a given manifest. For example this allows reusing the Kubernetes\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1609,11 +1625,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1627,7 +1643,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1637,10 +1653,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1660,15 +1676,15 @@ spec: type: "string" type: "object" name: - description: "Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin." + description: "Mandatory name that allows referencing the component\nfrom other elements (such as commands) or from an external\ndevfile that may reference this component through a parent or a plugin." maxLength: 63 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" openshift: - description: "Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production." + description: "Allows importing into the devworkspace the OpenShift resources\ndefined in a given manifest. For example this allows reusing the OpenShift\ndefinitions used to deploy some runtime components in production." properties: deployByDefault: - description: "Defines if the component should be deployed during startup. \n Default value is `false`" + description: "Defines if the component should be deployed during startup.\n\n\nDefault value is `false`" type: "boolean" endpoints: items: @@ -1679,11 +1695,11 @@ spec: description: "Annotations to be added to Kubernetes Ingress or Openshift Route" type: "object" attributes: - description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + description: "Map of implementation-dependant string-based free-form attributes.\n\n\nExamples of Che-specific attributes:\n\n\n- cookiesAuthEnabled: \"true\" / \"false\",\n\n\n- type: \"terminal\" / \"ide\" / \"ide-dev\"," type: "object" x-kubernetes-preserve-unknown-fields: true exposure: - description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + description: "Describes how the endpoint should be exposed on the network.\n\n\n- `public` means that the endpoint will be exposed on the public network, typically through\na K8S ingress or an OpenShift route.\n\n\n- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,\ntypically by K8S services, to be consumed by other elements running\non the same cloud internal network.\n\n\n- `none` means that the endpoint will not be exposed and will only be accessible\ninside the main devworkspace POD, on a local address.\n\n\nDefault value is `public`" enum: - "public" - "internal" @@ -1697,7 +1713,7 @@ spec: description: "Path of the endpoint URL" type: "string" protocol: - description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + description: "Describes the application and transport protocols of the traffic that will go through this endpoint.\n\n\n- `http`: Endpoint will have `http` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `https` when the `secure` field is set to `true`.\n\n\n- `https`: Endpoint will have `https` traffic, typically on a TCP connection.\n\n\n- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.\nIt will be automaticaly promoted to `wss` when the `secure` field is set to `true`.\n\n\n- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.\n\n\n- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.\n\n\n- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.\n\n\nDefault value is `http`" enum: - "http" - "https" @@ -1707,10 +1723,10 @@ spec: - "udp" type: "string" secure: - description: "Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`." + description: "Describes whether the endpoint should be secured and protected by some\nauthentication process. This requires a protocol of `https` or `wss`." type: "boolean" targetPort: - description: "Port number to be used within the container component. The same port cannot be used by two different container components." + description: "Port number to be used within the container component. The same port cannot\nbe used by two different container components." type: "integer" required: - "name" @@ -1730,10 +1746,10 @@ spec: type: "string" type: "object" volume: - description: "Allows specifying the definition of a volume shared by several other components" + description: "Allows specifying the definition of a volume\nshared by several other components" properties: ephemeral: - description: "Ephemeral volumes are not stored persistently across restarts. Defaults to false" + description: "Ephemeral volumes are not stored persistently across restarts. Defaults\nto false" type: "boolean" size: description: "Size of the volume" @@ -1764,21 +1780,21 @@ spec: - "name" type: "object" registryUrl: - description: "Registry URL to pull the parent devfile from when using id in the parent reference. To ensure the parent devfile gets resolved consistently in different environments, it is recommended to always specify the `registryUrl` when `id` is used." + description: "Registry URL to pull the parent devfile from when using id in the parent reference.\nTo ensure the parent devfile gets resolved consistently in different environments,\nit is recommended to always specify the `registryUrl` when `id` is used." type: "string" uri: - description: "URI Reference of a parent devfile YAML file. It can be a full URL or a relative URI with the current devfile as the base URI." + description: "URI Reference of a parent devfile YAML file.\nIt can be a full URL or a relative URI with the current devfile as the base URI." type: "string" version: - description: "Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. To specify `version`, `id` must be defined and used as the import reference source. `version` can be either a specific stack version, or `latest`. If no `version` specified, default version will be used." + description: "Specific stack/sample version to pull the parent devfile from, when using id in the parent reference.\nTo specify `version`, `id` must be defined and used as the import reference source.\n`version` can be either a specific stack version, or `latest`.\nIf no `version` specified, default version will be used." pattern: "^(latest)|(([1-9])\\.([0-9]+)\\.([0-9]+)(\\-[0-9a-z-]+(\\.[0-9a-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?)$" type: "string" type: "object" volume: - description: "Allows specifying the definition of a volume shared by several other components" + description: "Allows specifying the definition of a volume\nshared by several other components" properties: ephemeral: - description: "Ephemeral volumes are not stored persistently across restarts. Defaults to false" + description: "Ephemeral volumes are not stored persistently across restarts. Defaults\nto false" type: "boolean" size: description: "Size of the volume" @@ -1789,7 +1805,7 @@ spec: type: "object" type: "array" defaultEditor: - description: "The default editor to workspace create with. It could be a plugin ID or a URI. The plugin ID must have `publisher/name/version` format. The URI must start from `http://` or `https://`." + description: "The default editor to workspace create with. It could be a plugin ID or a URI.\nThe plugin ID must have `publisher/name/version` format.\nThe URI must start from `http://` or `https://`." type: "string" defaultNamespace: default: @@ -1799,11 +1815,11 @@ spec: properties: autoProvision: default: true - description: "Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator." + description: "Indicates if is allowed to automatically create a user namespace.\nIf it set to false, then user namespace must be pre-created by a cluster administrator." type: "boolean" template: default: "-che" - description: "If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace. You can use `` and `` placeholders, such as che-workspace-." + description: "If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace.\nYou can use `` and `` placeholders, such as che-workspace-." pattern: "|" type: "string" type: "object" @@ -1812,7 +1828,7 @@ spec: items: properties: editor: - description: "The editor ID to specify default plug-ins for. The plugin ID must have `publisher/name/version` format." + description: "The editor ID to specify default plug-ins for.\nThe plugin ID must have `publisher/name/version` format." type: "string" plugins: description: "Default plug-in URIs for the specified editor." @@ -1822,13 +1838,13 @@ spec: type: "object" type: "array" deploymentStrategy: - description: "DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods with new ones. The available deployment stragies are `Recreate` and `RollingUpdate`. With the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created. With the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted only when the new workspace pod is in a ready state. If not specified, the default `Recreate` deployment strategy is used." + description: "DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods\nwith new ones. The available deployment stragies are `Recreate` and `RollingUpdate`.\nWith the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created.\nWith the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted\nonly when the new workspace pod is in a ready state.\nIf not specified, the default `Recreate` deployment strategy is used." enum: - "Recreate" - "RollingUpdate" type: "string" disableContainerBuildCapabilities: - description: "Disables the container build capabilities. When set to `false` (the default value), the devEnvironments.security.containerSecurityContext field is ignored, and the following container SecurityContext is applied: \n containerSecurityContext: allowPrivilegeEscalation: true capabilities: add: - SETGID - SETUID" + description: "Disables the container build capabilities.\nWhen set to `false` (the default value), the devEnvironments.security.containerSecurityContext\nfield is ignored, and the following container SecurityContext is applied:\n\n\n containerSecurityContext:\n allowPrivilegeEscalation: true\n capabilities:\n add:\n - SETGID\n - SETUID" type: "boolean" gatewayContainer: description: "GatewayContainer configuration." @@ -1842,7 +1858,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1854,7 +1870,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1862,8 +1878,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1874,8 +1891,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1893,6 +1911,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -1900,7 +1919,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1908,6 +1927,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -1936,14 +1956,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -1954,14 +1974,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -1975,13 +1995,13 @@ spec: - "Never" type: "string" maxNumberOfRunningWorkspacesPerUser: - description: "The maximum number of running workspaces per user. The value, -1, allows users to run an unlimited number of workspaces." + description: "The maximum number of running workspaces per user.\nThe value, -1, allows users to run an unlimited number of workspaces." format: "int64" minimum: -1.0 type: "integer" maxNumberOfWorkspacesPerUser: default: -1 - description: "Total number of workspaces, both stopped and running, that a user can keep. The value, -1, allows users to keep an unlimited number of workspaces." + description: "Total number of workspaces, both stopped and running, that a user can keep.\nThe value, -1, allows users to keep an unlimited number of workspaces." format: "int64" minimum: -1.0 type: "integer" @@ -1991,14 +2011,14 @@ spec: description: "The node selector limits the nodes that can run the workspace pods." type: "object" persistUserHome: - description: "PersistUserHome defines configuration options for persisting the user home directory in workspaces." + description: "PersistUserHome defines configuration options for persisting the\nuser home directory in workspaces." properties: enabled: - description: "Determines whether the user home directory in workspaces should persist between workspace shutdown and startup. Must be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect. Disabled by default." + description: "Determines whether the user home directory in workspaces should persist between\nworkspace shutdown and startup.\nMust be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect.\nDisabled by default." type: "boolean" type: "object" podSchedulerName: - description: "Pod scheduler for the workspace pods. If not specified, the pod scheduler is set to the default scheduler on the cluster." + description: "Pod scheduler for the workspace pods.\nIf not specified, the pod scheduler is set to the default scheduler on the cluster." type: "string" projectCloneContainer: description: "Project clone container configuration." @@ -2012,7 +2032,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -2024,7 +2044,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2032,8 +2052,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2044,8 +2065,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2063,6 +2085,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -2070,7 +2093,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2078,6 +2101,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -2106,14 +2130,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -2124,14 +2148,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -2139,25 +2163,25 @@ spec: type: "object" secondsOfInactivityBeforeIdling: default: 1800 - description: "Idle timeout for workspaces in seconds. This timeout is the duration after which a workspace will be idled if there is no activity. To disable workspace idling due to inactivity, set this value to -1." + description: "Idle timeout for workspaces in seconds.\nThis timeout is the duration after which a workspace will be idled if there is no activity.\nTo disable workspace idling due to inactivity, set this value to -1." format: "int32" type: "integer" secondsOfRunBeforeIdling: default: -1 - description: "Run timeout for workspaces in seconds. This timeout is the maximum duration a workspace runs. To disable workspace run timeout, set this value to -1." + description: "Run timeout for workspaces in seconds.\nThis timeout is the maximum duration a workspace runs.\nTo disable workspace run timeout, set this value to -1." format: "int32" type: "integer" security: description: "Workspace security configuration." properties: containerSecurityContext: - description: "Container SecurityContext used by all workspace-related containers. If set, defined values are merged into the default Container SecurityContext configuration. Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect." + description: "Container SecurityContext used by all workspace-related containers.\nIf set, defined values are merged into the default Container SecurityContext configuration.\nRequires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2173,27 +2197,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2209,57 +2233,57 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" podSecurityContext: - description: "PodSecurityContext used by all workspace-related pods. If set, defined values are merged into the default PodSecurityContext configuration." + description: "PodSecurityContext used by all workspace-related pods.\nIf set, defined values are merged into the default PodSecurityContext configuration." properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2275,25 +2299,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -2309,19 +2333,19 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2336,22 +2360,22 @@ spec: items: properties: audience: - description: "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "Audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: default: 3600 - description: "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours. Defaults to 1 hour and must be at least 10 minutes." + description: "ExpirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours. Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" minimum: 600.0 type: "integer" mountPath: - description: "Path within the workspace container at which the token should be mounted. Must not contain ':'." + description: "Path within the workspace container at which the token should be mounted. Must\nnot contain ':'." type: "string" name: - description: "Identifiable name of the ServiceAccount token. If multiple ServiceAccount tokens use the same mount path, a generic name will be used for the projected volume instead." + description: "Identifiable name of the ServiceAccount token.\nIf multiple ServiceAccount tokens use the same mount path, a generic name will be used\nfor the projected volume instead." type: "string" path: - description: "Path is the path relative to the mount point of the file to project the token into." + description: "Path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "mountPath" @@ -2361,7 +2385,7 @@ spec: type: "array" startTimeoutSeconds: default: 300 - description: "StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start before it is automatically failed. If not specified, the default value of 300 seconds (5 minutes) is used." + description: "StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start\nbefore it is automatically failed.\nIf not specified, the default value of 300 seconds (5 minutes) is used." format: "int32" minimum: 1.0 type: "integer" @@ -2392,7 +2416,7 @@ spec: type: "object" pvcStrategy: default: "per-user" - description: "Persistent volume claim strategy for the Che server. The supported strategies are: `per-user` (all workspaces PVCs in one volume), `per-workspace` (each workspace is given its own individual PVC) and `ephemeral` (non-persistent storage where local changes will be lost when the workspace is stopped.)" + description: "Persistent volume claim strategy for the Che server.\nThe supported strategies are: `per-user` (all workspaces PVCs in one volume),\n`per-workspace` (each workspace is given its own individual PVC)\nand `ephemeral` (non-persistent storage where local changes will be lost when\nthe workspace is stopped.)" enum: - "common" - "per-user" @@ -2403,23 +2427,23 @@ spec: tolerations: description: "The pod tolerations of the workspace pods limit where the workspace pods can run." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -2427,14 +2451,14 @@ spec: description: "Trusted certificate settings." properties: gitTrustedCertsConfigMapName: - description: "The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/ The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/\nThe ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" type: "object" user: description: "User configuration." properties: clusterRoles: - description: "Additional ClusterRoles assigned to the user. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "Additional ClusterRoles assigned to the user.\nThe role must have `app.kubernetes.io/part-of=che.eclipse.org` label." items: type: "string" type: "array" @@ -2449,7 +2473,7 @@ spec: description: "AzureDevOpsService enables users to work with repositories hosted on Azure DevOps Service (dev.azure.com)." properties: secretName: - description: "Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services" + description: "Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services" type: "string" required: - "secretName" @@ -2461,10 +2485,10 @@ spec: description: "BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted)." properties: endpoint: - description: "Bitbucket server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/." + description: "Bitbucket server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/." + description: "Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.\nSee the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/\nand https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/." type: "string" required: - "secretName" @@ -2476,13 +2500,13 @@ spec: description: "GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise)." properties: disableSubdomainIsolation: - description: "Disables subdomain isolation. Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." + description: "Disables subdomain isolation.\nDeprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation.\nSee the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." type: "boolean" endpoint: - description: "GitHub server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." + description: "GitHub server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." + description: "Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.\nSee the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/." type: "string" required: - "secretName" @@ -2494,10 +2518,10 @@ spec: description: "GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted)." properties: endpoint: - description: "GitLab server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." + description: "GitLab server endpoint URL.\nDeprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." type: "string" secretName: - description: "Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." + description: "Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.\nSee the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/." type: "string" required: - "secretName" @@ -2516,7 +2540,7 @@ spec: annotations: additionalProperties: type: "string" - description: "Defines annotations which will be set for an Ingress (a route for OpenShift platform). The defaults for kubernetes platforms are: kubernetes.io/ingress.class: \"nginx\" nginx.ingress.kubernetes.io/proxy-read-timeout: \"3600\", nginx.ingress.kubernetes.io/proxy-connect-timeout: \"3600\", nginx.ingress.kubernetes.io/ssl-redirect: \"true\"" + description: "Defines annotations which will be set for an Ingress (a route for OpenShift platform).\nThe defaults for kubernetes platforms are:\n kubernetes.io/ingress.class: \"nginx\"\n nginx.ingress.kubernetes.io/proxy-read-timeout: \"3600\",\n nginx.ingress.kubernetes.io/proxy-connect-timeout: \"3600\",\n nginx.ingress.kubernetes.io/ssl-redirect: \"true\"" type: "object" auth: default: @@ -2527,7 +2551,7 @@ spec: description: "Authentication settings." properties: advancedAuthorization: - description: "Advance authorization settings. Determines which users and groups are allowed to access Che. User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che." + description: "Advance authorization settings. Determines which users and groups are allowed to access Che.\nUser is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list\nand not in neither the `denyUsers` list nor is member of group from `denyGroups` list.\nIf `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che.\nif `denyUsers` and `denyGroups` are empty, then no users are denied to access Che." properties: allowGroups: description: "List of groups allowed to access Che (currently supported in OpenShift only)." @@ -2566,7 +2590,7 @@ spec: description: "Gateway configuration labels." type: "object" deployment: - description: "Deployment override options. Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: - `gateway` - `configbump` - `oauth-proxy` - `kube-rbac-proxy`" + description: "Deployment override options.\nSince gateway deployment consists of several containers, they must be distinguished in the configuration by their names:\n- `gateway`\n- `configbump`\n- `oauth-proxy`\n- `kube-rbac-proxy`" properties: containers: description: "List of containers belonging to the pod." @@ -2582,7 +2606,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -2594,7 +2618,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2602,8 +2626,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2614,8 +2639,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2633,6 +2659,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -2640,7 +2667,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2648,6 +2675,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -2676,14 +2704,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -2694,14 +2722,14 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "CPU, in cores. (500m = .5 cores)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true memory: anyOf: - type: "integer" - type: "string" - description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component." + description: "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)\nIf the value is not specified, then the default value is set depending on the component.\nIf value is `0`, then no value is set for the component." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" @@ -2761,37 +2789,37 @@ spec: description: "Public URL of the Identity Provider server." type: "string" identityToken: - description: "Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. Default value is `id_token`. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift." + description: "Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`.\nDefault value is `id_token`.\nThis field is specific to Che installations made for Kubernetes only and ignored for OpenShift." enum: - "id_token" - "access_token" type: "string" oAuthAccessTokenInactivityTimeoutSeconds: - description: "Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. 0 means tokens for this client never time out." + description: "Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.\n0 means tokens for this client never time out." format: "int32" type: "integer" oAuthAccessTokenMaxAgeSeconds: - description: "Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. 0 means no expiration." + description: "Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.\n0 means no expiration." format: "int32" type: "integer" oAuthClientName: description: "Name of the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side." type: "string" oAuthScope: - description: "Access Token Scope. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift." + description: "Access Token Scope.\nThis field is specific to Che installations made for Kubernetes only and ignored for OpenShift." type: "string" oAuthSecret: - description: "Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`." + description: "Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.\nFor Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a\nkey `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster`\nresource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`." type: "string" type: "object" domain: - description: "For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route. The generated hostname follows this pattern: che-.. The is the namespace where the CheCluster CRD is created. In conjunction with labels, it creates a route served by a non-default Ingress controller. For a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them." + description: "For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route.\nThe generated hostname follows this pattern: che-.. The is the namespace where the CheCluster CRD is created.\nIn conjunction with labels, it creates a route served by a non-default Ingress controller.\nFor a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them." type: "string" hostname: description: "The public hostname of the installed Che server." type: "string" ingressClassName: - description: "IngressClassName is the name of an IngressClass cluster resource. If a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation, `IngressClassName` field takes precedence." + description: "IngressClassName is the name of an IngressClass cluster resource.\nIf a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation,\n`IngressClassName` field takes precedence." type: "string" labels: additionalProperties: @@ -2799,7 +2827,7 @@ spec: description: "Defines labels which will be set for an Ingress (a route for OpenShift platform)." type: "object" tlsSecretName: - description: "The name of the secret used to set up Ingress TLS termination. If the field is an empty string, the default cluster certificate is used. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label." + description: "The name of the secret used to set up Ingress TLS termination.\nIf the field is an empty string, the default cluster certificate is used.\nThe secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label." type: "string" type: "object" type: "object" @@ -2831,7 +2859,7 @@ spec: description: "A brief CamelCase message indicating details about why the Che deployment is in the current phase." type: "string" workspaceBaseDomain: - description: "The resolved workspace base domain. This is either the copy of the explicitly defined property of the same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically resolved basedomain for routes." + description: "The resolved workspace base domain. This is either the copy of the explicitly defined property of the\nsame name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically\nresolved basedomain for routes." type: "string" type: "object" type: "object" @@ -2839,9 +2867,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml index a21566068..2398ee339 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml @@ -885,6 +885,9 @@ spec: - "serviceAccountRef" type: "object" type: "object" + location: + description: "Location optionally defines a location for a secret" + type: "string" projectID: description: "ProjectID project where secret is located" type: "string" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml index e3cad5e8a..822741e48 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml @@ -885,6 +885,9 @@ spec: - "serviceAccountRef" type: "object" type: "object" + location: + description: "Location optionally defines a location for a secret" + type: "string" projectID: description: "ProjectID project where secret is located" type: "string" diff --git a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/clusteroutputs.yaml b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/clusteroutputs.yaml index 77e22adf7..5fa5385e5 100644 --- a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/clusteroutputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/clusteroutputs.yaml @@ -614,6 +614,165 @@ spec: type: "object" type: "object" type: "object" + elasticsearchDataStream: + description: "out_es datastreams plugin" + properties: + caFile: + description: "Optional, Absolute path to CA certificate file" + type: "string" + clientCert: + description: "Optional, Absolute path to client Certificate file" + type: "string" + clientKey: + description: "Optional, Absolute path to client private Key file" + type: "string" + clientKeyPassword: + description: "Optional, password for ClientKey file" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + cloudAuth: + description: "Authenticate towards Elastic Cloud using cloudAuth." + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + cloudId: + description: "Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored." + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + dataStreamName: + description: "You can specify Elasticsearch data stream name by this parameter. This parameter is mandatory for elasticsearch_data_stream" + type: "string" + host: + description: "The hostname of your Elasticsearch node (default: localhost)." + type: "string" + hosts: + description: "Hosts defines a list of hosts if you want to connect to more than one Elasticsearch nodes" + type: "string" + password: + description: "Optional, The login credentials to connect to Elasticsearch" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + path: + description: "Path defines the REST API endpoint of Elasticsearch to post write requests (default: nil)." + type: "string" + port: + description: "The port number of your Elasticsearch node (default: 9200)." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + scheme: + description: "Specify https if your Elasticsearch endpoint supports SSL (default: http)." + type: "string" + sslVerify: + description: "Optional, Force certificate validation" + type: "boolean" + user: + description: "Optional, The login credentials to connect to Elasticsearch" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + required: + - "dataStreamName" + type: "object" format: description: "format section" properties: diff --git a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/outputs.yaml b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/outputs.yaml index 61465f35b..3c6b5d3d7 100644 --- a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/outputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/outputs.yaml @@ -614,6 +614,165 @@ spec: type: "object" type: "object" type: "object" + elasticsearchDataStream: + description: "out_es datastreams plugin" + properties: + caFile: + description: "Optional, Absolute path to CA certificate file" + type: "string" + clientCert: + description: "Optional, Absolute path to client Certificate file" + type: "string" + clientKey: + description: "Optional, Absolute path to client private Key file" + type: "string" + clientKeyPassword: + description: "Optional, password for ClientKey file" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + cloudAuth: + description: "Authenticate towards Elastic Cloud using cloudAuth." + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + cloudId: + description: "Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored." + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + dataStreamName: + description: "You can specify Elasticsearch data stream name by this parameter. This parameter is mandatory for elasticsearch_data_stream" + type: "string" + host: + description: "The hostname of your Elasticsearch node (default: localhost)." + type: "string" + hosts: + description: "Hosts defines a list of hosts if you want to connect to more than one Elasticsearch nodes" + type: "string" + password: + description: "Optional, The login credentials to connect to Elasticsearch" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + path: + description: "Path defines the REST API endpoint of Elasticsearch to post write requests (default: nil)." + type: "string" + port: + description: "The port number of your Elasticsearch node (default: 9200)." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + scheme: + description: "Specify https if your Elasticsearch endpoint supports SSL (default: http)." + type: "string" + sslVerify: + description: "Optional, Force certificate validation" + type: "boolean" + user: + description: "Optional, The login credentials to connect to Elasticsearch" + properties: + valueFrom: + description: "ValueSource defines how to find a value's key." + properties: + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" + required: + - "dataStreamName" + type: "object" format: description: "format section" properties: diff --git a/crd-catalog/grafana/loki/loki.grafana.com/v1/lokistacks.yaml b/crd-catalog/grafana/loki/loki.grafana.com/v1/lokistacks.yaml index 0963496bc..644f6f2f3 100644 --- a/crd-catalog/grafana/loki/loki.grafana.com/v1/lokistacks.yaml +++ b/crd-catalog/grafana/loki/loki.grafana.com/v1/lokistacks.yaml @@ -438,10 +438,10 @@ spec: version: "v11" description: "Schemas for reading and writing logs." items: - description: "ObjectStorageSchema defines the requirements needed to configure a new\nstorage schema." + description: "ObjectStorageSchema defines a schema version and the date when it will become effective." properties: effectiveDate: - description: "EffectiveDate is the date in UTC that the schema will be applied on.\nTo ensure readibility of logs, this date should be before the current\ndate in UTC." + description: "EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone.\n\n\nThe configuration always needs at least one schema that is currently valid. This means that when creating a new\nLokiStack it is recommended to add a schema with the latest available version and an effective date of \"yesterday\".\nNew schema versions added to the configuration always needs to be placed \"in the future\", so that Loki can start\nusing it once the day rolls over." pattern: "^([0-9]{4,})([-]([0-9]{2})){2}$" type: "string" version: @@ -2477,10 +2477,10 @@ spec: schemas: description: "Schemas is a list of schemas which have been applied\nto the LokiStack." items: - description: "ObjectStorageSchema defines the requirements needed to configure a new\nstorage schema." + description: "ObjectStorageSchema defines a schema version and the date when it will become effective." properties: effectiveDate: - description: "EffectiveDate is the date in UTC that the schema will be applied on.\nTo ensure readibility of logs, this date should be before the current\ndate in UTC." + description: "EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone.\n\n\nThe configuration always needs at least one schema that is currently valid. This means that when creating a new\nLokiStack it is recommended to add a schema with the latest available version and an effective date of \"yesterday\".\nNew schema versions added to the configuration always needs to be placed \"in the future\", so that Loki can start\nusing it once the day rolls over." pattern: "^([0-9]{4,})([-]([0-9]{2})){2}$" type: "string" version: diff --git a/crd-catalog/hashicorp/vault-secrets-operator/secrets.hashicorp.com/v1beta1/vaultauths.yaml b/crd-catalog/hashicorp/vault-secrets-operator/secrets.hashicorp.com/v1beta1/vaultauths.yaml index 9a343332c..5c205ff99 100644 --- a/crd-catalog/hashicorp/vault-secrets-operator/secrets.hashicorp.com/v1beta1/vaultauths.yaml +++ b/crd-catalog/hashicorp/vault-secrets-operator/secrets.hashicorp.com/v1beta1/vaultauths.yaml @@ -43,9 +43,6 @@ spec: secretRef: description: "SecretRef is the name of a Kubernetes secret in the consumer's (VDS/VSS/PKI) namespace which\nprovides the AppRole Role's SecretID. The secret must have a key named `id` which holds the\nAppRole Role's secretID." type: "string" - required: - - "roleId" - - "secretRef" type: "object" aws: description: "AWS specific auth configuration, requires that Method be set to `aws`." @@ -74,8 +71,6 @@ spec: stsEndpoint: description: "The STS endpoint to use; if not set will use the default" type: "string" - required: - - "role" type: "object" gcp: description: "GCP specific auth configuration, requires that Method be set to `gcp`." @@ -95,9 +90,6 @@ spec: workloadIdentityServiceAccount: description: "WorkloadIdentityServiceAccount is the name of a Kubernetes service\naccount (in the same Kubernetes namespace as the Vault*Secret referencing\nthis resource) which has been configured for workload identity in GKE.\nShould be annotated with \"iam.gke.io/gcp-service-account\"." type: "string" - required: - - "role" - - "workloadIdentityServiceAccount" type: "object" headers: additionalProperties: @@ -127,8 +119,6 @@ spec: format: "int64" minimum: 600.0 type: "integer" - required: - - "role" type: "object" kubernetes: description: "Kubernetes specific auth configuration, requires that the Method be set to `kubernetes`." @@ -150,9 +140,6 @@ spec: format: "int64" minimum: 600.0 type: "integer" - required: - - "role" - - "serviceAccount" type: "object" method: description: "Method to use when authenticating to Vault." @@ -187,24 +174,95 @@ spec: - "keyName" - "mount" type: "object" + vaultAuthGlobalRef: + description: "VaultAuthGlobalRef." + properties: + mergeStrategy: + description: "MergeStrategy configures the merge strategy for HTTP headers and parameters\nthat are included in all Vault authentication requests." + properties: + headers: + description: "Headers configures the merge strategy for HTTP headers that are included in\nall Vault requests. Choices are `union`, `replace`, or `none`.\n\n\nIf `union` is set, the headers from the VaultAuthGlobal and VaultAuth\nresources are merged. The headers from the VaultAuth always take precedence.\n\n\nIf `replace` is set, the first set of non-empty headers taken in order from:\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default headers.\n\n\nIf `none` is set, the headers from the\nVaultAuthGlobal resource are ignored and only the headers from the VaultAuth\nresource are used. The default is `none`." + enum: + - "union" + - "replace" + - "none" + type: "string" + params: + description: "Params configures the merge strategy for HTTP parameters that are included in\nall Vault requests. Choices are `union`, `replace`, or `none`.\n\n\nIf `union` is set, the parameters from the VaultAuthGlobal and VaultAuth\nresources are merged. The parameters from the VaultAuth always take\nprecedence.\n\n\nIf `replace` is set, the first set of non-empty parameters taken in order from:\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default parameters.\n\n\nIf `none` is set, the parameters from the VaultAuthGlobal resource are ignored\nand only the parameters from the VaultAuth resource are used. The default is\n`none`." + enum: + - "union" + - "replace" + - "none" + type: "string" + type: "object" + name: + description: "Name of the VaultAuthGlobal resource." + pattern: "^([a-z0-9.-]{1,253})$" + type: "string" + namespace: + description: "Namespace of the VaultAuthGlobal resource. If not provided, the namespace of\nthe referring VaultAuth resource is used." + pattern: "^([a-z0-9.-]{1,253})$" + type: "string" + required: + - "name" + type: "object" vaultConnectionRef: description: "VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace,\neg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to\nnamespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the\nOperator will default to the `default` VaultConnection, configured in the operator's namespace." type: "string" - required: - - "method" - - "mount" type: "object" status: description: "VaultAuthStatus defines the observed state of VaultAuth" properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" error: type: "string" + specHash: + type: "string" valid: description: "Valid auth mechanism." type: "boolean" - required: - - "error" - - "valid" type: "object" type: "object" served: true diff --git a/crd-catalog/hazelcast/hazelcast-platform-operator/hazelcast.com/v1alpha1/hazelcasts.yaml b/crd-catalog/hazelcast/hazelcast-platform-operator/hazelcast.com/v1alpha1/hazelcasts.yaml index 222cdfd6a..0ecbf0bbb 100644 --- a/crd-catalog/hazelcast/hazelcast-platform-operator/hazelcast.com/v1alpha1/hazelcasts.yaml +++ b/crd-catalog/hazelcast/hazelcast-platform-operator/hazelcast.com/v1alpha1/hazelcasts.yaml @@ -83,7 +83,7 @@ spec: agent: default: repository: "docker.io/hazelcast/platform-operator-agent" - version: "0.1.27" + version: "0.1.28" description: "B&R Agent configurations" properties: repository: @@ -128,7 +128,7 @@ spec: type: "object" type: "object" version: - default: "0.1.27" + default: "0.1.28" description: "Version of Hazelcast Platform Operator Agent." type: "string" type: "object" @@ -225,6 +225,93 @@ spec: type: "string" type: "object" type: "array" + env: + description: "Env configuration of environment variables" + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-validations: + - message: "Environment variables cannot start with 'HZ_'. Use customConfigCmName to configure Hazelcast." + rule: "self.all(env, env.name.startsWith('HZ_') == false)" executorServices: description: "Java Executor Service configurations, see https://docs.hazelcast.com/hazelcast/latest/computing/executor-service" items: diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml index 1ad00e575..c3e6c093b 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml @@ -1133,6 +1133,83 @@ spec: type: "array" type: "object" type: "object" + tolerations: + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + format: "int32" + type: "integer" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" type: "object" security: description: "InfinispanSecurity info for the user application connection" diff --git a/crd-catalog/istio/istio/extensions.istio.io/v1alpha1/wasmplugins.yaml b/crd-catalog/istio/istio/extensions.istio.io/v1alpha1/wasmplugins.yaml index 6d9ddf69c..fd77149d0 100644 --- a/crd-catalog/istio/istio/extensions.istio.io/v1alpha1/wasmplugins.yaml +++ b/crd-catalog/istio/istio/extensions.istio.io/v1alpha1/wasmplugins.yaml @@ -107,15 +107,19 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" sha256: description: "SHA256 checksum that will be used to verify Wasm module or OCI container." @@ -125,34 +129,66 @@ spec: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" type: description: "Specifies the type of Wasm Extension to be used.\n\nValid Options: HTTP, NETWORK" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1/destinationrules.yaml b/crd-catalog/istio/istio/networking.istio.io/v1/destinationrules.yaml index f8216f4c1..89a2a0798 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1/destinationrules.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1/destinationrules.yaml @@ -85,6 +85,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -107,12 +110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -123,6 +135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -131,6 +146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -193,6 +211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -279,12 +300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -309,6 +336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -348,6 +378,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -370,12 +403,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -386,6 +428,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -394,6 +439,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -456,6 +504,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -542,12 +593,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -572,6 +629,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -632,6 +692,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -731,6 +792,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -753,12 +817,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -769,6 +842,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -777,6 +853,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -839,6 +918,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -925,12 +1007,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -955,6 +1043,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -994,6 +1085,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -1016,12 +1110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -1032,6 +1135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -1040,6 +1146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -1102,6 +1211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -1188,12 +1300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -1218,6 +1336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -1278,6 +1399,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -1352,15 +1474,19 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" required: - "host" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1/sidecars.yaml b/crd-catalog/istio/istio/networking.istio.io/v1/sidecars.yaml index acd013267..d1672c68d 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1/sidecars.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1/sidecars.yaml @@ -94,6 +94,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -116,12 +119,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -132,6 +144,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -140,6 +155,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -181,6 +199,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -203,12 +224,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -219,6 +249,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -227,6 +260,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1/virtualservices.yaml b/crd-catalog/istio/istio/networking.istio.io/v1/virtualservices.yaml index 127bed1d1..7f5d47a29 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1/virtualservices.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1/virtualservices.yaml @@ -107,7 +107,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" type: "array" @@ -119,6 +119,9 @@ spec: maxAge: description: "Specifies how long the results of a preflight request can be cached." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" unmatchedPreflights: description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE" enum: @@ -223,9 +226,15 @@ spec: properties: exponentialDelay: type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" fixedDelay: description: "Add a fixed delay before forwarding the request." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" percent: description: "Percentage of requests on which the delay will be injected (0-100)." format: "int32" @@ -277,7 +286,7 @@ spec: items: properties: authority: - description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -299,7 +308,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" gateways: @@ -330,7 +339,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "The header keys must be lowercase and use hyphen as the separator, e.g." @@ -339,7 +348,7 @@ spec: description: "Flag to specify whether the URI matching should be case-insensitive." type: "boolean" method: - description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -361,7 +370,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" name: @@ -395,13 +404,13 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "Query parameters for matching." type: "object" scheme: - description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -423,7 +432,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" sourceLabels: @@ -438,7 +447,7 @@ spec: description: "The human readable prefix to use when emitting statistics for this route." type: "string" uri: - description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -460,7 +469,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" withoutHeaders: @@ -486,7 +495,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "withoutHeader has the same syntax with the header, but has opposite meaning." @@ -618,6 +627,9 @@ spec: perTryTimeout: description: "Timeout per attempt for a given request, including the initial call and any retries." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" retryOn: description: "Specifies the conditions under which retry takes place." type: "string" @@ -639,7 +651,7 @@ spec: description: "rewrite the path portion of the URI with the specified regex." properties: match: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" rewrite: description: "The string that should replace into matching portions of original URI." @@ -714,6 +726,9 @@ spec: timeout: description: "Timeout for HTTP requests, default is disabled." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "array" tcp: diff --git a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/destinationrules.yaml b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/destinationrules.yaml index b9de69bb4..d20e526af 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/destinationrules.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/destinationrules.yaml @@ -85,6 +85,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -107,12 +110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -123,6 +135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -131,6 +146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -193,6 +211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -279,12 +300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -309,6 +336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -348,6 +378,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -370,12 +403,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -386,6 +428,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -394,6 +439,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -456,6 +504,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -542,12 +593,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -572,6 +629,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -632,6 +692,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -731,6 +792,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -753,12 +817,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -769,6 +842,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -777,6 +853,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -839,6 +918,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -925,12 +1007,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -955,6 +1043,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -994,6 +1085,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -1016,12 +1110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -1032,6 +1135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -1040,6 +1146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -1102,6 +1211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -1188,12 +1300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -1218,6 +1336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -1278,6 +1399,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -1352,15 +1474,19 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" required: - "host" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/envoyfilters.yaml b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/envoyfilters.yaml index 1e96e2ffc..8258e78a7 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/envoyfilters.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/envoyfilters.yaml @@ -237,17 +237,33 @@ spec: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" workloadSelector: description: "Criteria used to select the specific set of pods/VMs on which this patch configuration should be applied." diff --git a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/sidecars.yaml b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/sidecars.yaml index 08513c842..a80ecbe89 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/sidecars.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/sidecars.yaml @@ -94,6 +94,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -116,12 +119,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -132,6 +144,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -140,6 +155,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -181,6 +199,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -203,12 +224,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -219,6 +249,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -227,6 +260,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/virtualservices.yaml b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/virtualservices.yaml index be345e1bf..930a4aee2 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/virtualservices.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/virtualservices.yaml @@ -107,7 +107,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" type: "array" @@ -119,6 +119,9 @@ spec: maxAge: description: "Specifies how long the results of a preflight request can be cached." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" unmatchedPreflights: description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE" enum: @@ -223,9 +226,15 @@ spec: properties: exponentialDelay: type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" fixedDelay: description: "Add a fixed delay before forwarding the request." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" percent: description: "Percentage of requests on which the delay will be injected (0-100)." format: "int32" @@ -277,7 +286,7 @@ spec: items: properties: authority: - description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -299,7 +308,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" gateways: @@ -330,7 +339,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "The header keys must be lowercase and use hyphen as the separator, e.g." @@ -339,7 +348,7 @@ spec: description: "Flag to specify whether the URI matching should be case-insensitive." type: "boolean" method: - description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -361,7 +370,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" name: @@ -395,13 +404,13 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "Query parameters for matching." type: "object" scheme: - description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -423,7 +432,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" sourceLabels: @@ -438,7 +447,7 @@ spec: description: "The human readable prefix to use when emitting statistics for this route." type: "string" uri: - description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -460,7 +469,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" withoutHeaders: @@ -486,7 +495,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "withoutHeader has the same syntax with the header, but has opposite meaning." @@ -618,6 +627,9 @@ spec: perTryTimeout: description: "Timeout per attempt for a given request, including the initial call and any retries." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" retryOn: description: "Specifies the conditions under which retry takes place." type: "string" @@ -639,7 +651,7 @@ spec: description: "rewrite the path portion of the URI with the specified regex." properties: match: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" rewrite: description: "The string that should replace into matching portions of original URI." @@ -714,6 +726,9 @@ spec: timeout: description: "Timeout for HTTP requests, default is disabled." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "array" tcp: diff --git a/crd-catalog/istio/istio/networking.istio.io/v1beta1/destinationrules.yaml b/crd-catalog/istio/istio/networking.istio.io/v1beta1/destinationrules.yaml index 8c3e899e3..4d00e7a91 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1beta1/destinationrules.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1beta1/destinationrules.yaml @@ -85,6 +85,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -107,12 +110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -123,6 +135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -131,6 +146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -193,6 +211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -279,12 +300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -309,6 +336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -348,6 +378,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -370,12 +403,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -386,6 +428,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -394,6 +439,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -456,6 +504,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -542,12 +593,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -572,6 +629,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -632,6 +692,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -731,6 +792,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -753,12 +817,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -769,6 +842,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -777,6 +853,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -839,6 +918,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -925,12 +1007,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -955,6 +1043,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -994,6 +1085,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -1016,12 +1110,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -1032,6 +1135,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -1040,6 +1146,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -1102,6 +1211,9 @@ spec: ttl: description: "Lifetime of the cookie." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "name" type: "object" @@ -1188,12 +1300,18 @@ spec: warmupDurationSecs: description: "Represents the warmup duration of Service." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" outlierDetection: properties: baseEjectionTime: description: "Minimum ejection duration." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" consecutive5xxErrors: description: "Number of 5xx errors before a host is ejected from the connection pool." maximum: 4294967295.0 @@ -1218,6 +1336,9 @@ spec: interval: description: "Time interval between ejection sweep analysis." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxEjectionPercent: description: "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected." format: "int32" @@ -1278,6 +1399,7 @@ spec: type: "array" type: "object" type: "object" + maxItems: 4096 type: "array" proxyProtocol: description: "The upstream PROXY protocol settings." @@ -1352,15 +1474,19 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" required: - "host" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1beta1/proxyconfigs.yaml b/crd-catalog/istio/istio/networking.istio.io/v1beta1/proxyconfigs.yaml index 06563a0a3..655d6c96e 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1beta1/proxyconfigs.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1beta1/proxyconfigs.yaml @@ -31,10 +31,12 @@ spec: concurrency: description: "The number of worker threads to run." format: "int32" + minimum: 0.0 nullable: true type: "integer" environmentVariables: additionalProperties: + maxLength: 2048 type: "string" description: "Additional environment variables for the proxy." type: "object" @@ -50,15 +52,19 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" type: "object" status: diff --git a/crd-catalog/istio/istio/networking.istio.io/v1beta1/sidecars.yaml b/crd-catalog/istio/istio/networking.istio.io/v1beta1/sidecars.yaml index d3e728753..19fe3997f 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1beta1/sidecars.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1beta1/sidecars.yaml @@ -94,6 +94,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -116,12 +119,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -132,6 +144,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -140,6 +155,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" @@ -181,6 +199,9 @@ spec: idleTimeout: description: "The idle timeout for upstream connection pool connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConcurrentStreams: description: "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection." format: "int32" @@ -203,12 +224,21 @@ spec: connectTimeout: description: "TCP connection timeout." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" idleTimeout: description: "The idle timeout for TCP connections." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnectionDuration: description: "The maximum duration of a connection." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" maxConnections: description: "Maximum number of HTTP1 /TCP connections to a destination host." format: "int32" @@ -219,6 +249,9 @@ spec: interval: description: "The time duration between keep-alive probes." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" probes: description: "Maximum number of keepalive probes to send without response before deciding the connection is dead." maximum: 4294967295.0 @@ -227,6 +260,9 @@ spec: time: description: "The time duration a connection needs to be idle before keep-alive probes start being sent." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "object" type: "object" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1beta1/virtualservices.yaml b/crd-catalog/istio/istio/networking.istio.io/v1beta1/virtualservices.yaml index 37772d531..5279c8772 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1beta1/virtualservices.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1beta1/virtualservices.yaml @@ -107,7 +107,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" type: "array" @@ -119,6 +119,9 @@ spec: maxAge: description: "Specifies how long the results of a preflight request can be cached." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" unmatchedPreflights: description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE" enum: @@ -223,9 +226,15 @@ spec: properties: exponentialDelay: type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" fixedDelay: description: "Add a fixed delay before forwarding the request." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" percent: description: "Percentage of requests on which the delay will be injected (0-100)." format: "int32" @@ -277,7 +286,7 @@ spec: items: properties: authority: - description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -299,7 +308,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" gateways: @@ -330,7 +339,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "The header keys must be lowercase and use hyphen as the separator, e.g." @@ -339,7 +348,7 @@ spec: description: "Flag to specify whether the URI matching should be case-insensitive." type: "boolean" method: - description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -361,7 +370,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" name: @@ -395,13 +404,13 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "Query parameters for matching." type: "object" scheme: - description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -423,7 +432,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" sourceLabels: @@ -438,7 +447,7 @@ spec: description: "The human readable prefix to use when emitting statistics for this route." type: "string" uri: - description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." oneOf: - not: anyOf: @@ -460,7 +469,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" withoutHeaders: @@ -486,7 +495,7 @@ spec: prefix: type: "string" regex: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" type: "object" description: "withoutHeader has the same syntax with the header, but has opposite meaning." @@ -618,6 +627,9 @@ spec: perTryTimeout: description: "Timeout per attempt for a given request, including the initial call and any retries." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" retryOn: description: "Specifies the conditions under which retry takes place." type: "string" @@ -639,7 +651,7 @@ spec: description: "rewrite the path portion of the URI with the specified regex." properties: match: - description: "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)." + description: "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax)." type: "string" rewrite: description: "The string that should replace into matching portions of original URI." @@ -714,6 +726,9 @@ spec: timeout: description: "Timeout for HTTP requests, default is disabled." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "array" tcp: diff --git a/crd-catalog/istio/istio/security.istio.io/v1/authorizationpolicies.yaml b/crd-catalog/istio/istio/security.istio.io/v1/authorizationpolicies.yaml index cc639d6c1..efb526914 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1/authorizationpolicies.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1/authorizationpolicies.yaml @@ -204,48 +204,84 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" type: "object" status: diff --git a/crd-catalog/istio/istio/security.istio.io/v1/peerauthentications.yaml b/crd-catalog/istio/istio/security.istio.io/v1/peerauthentications.yaml index 2ab526caa..2e756e474 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1/peerauthentications.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1/peerauthentications.yaml @@ -65,23 +65,34 @@ spec: type: "string" type: "object" description: "Port specific mutual TLS settings." + minProperties: 1 type: "object" + x-kubernetes-validations: + - message: "port must be between 1-65535" + rule: "self.all(key, 0 < int(key) && int(key) <= 65535)" selector: description: "The selector determines the workloads to apply the PeerAuthentication on." properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" type: "object" + x-kubernetes-validations: + - message: "portLevelMtls requires selector" + rule: "(has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0) || !has(self.portLevelMtls)" status: type: "object" x-kubernetes-preserve-unknown-fields: true diff --git a/crd-catalog/istio/istio/security.istio.io/v1/requestauthentications.yaml b/crd-catalog/istio/istio/security.istio.io/v1/requestauthentications.yaml index 9f26c5ee0..64b664d12 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1/requestauthentications.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1/requestauthentications.yaml @@ -38,6 +38,7 @@ spec: audiences: description: "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access." items: + minLength: 1 type: "string" type: "array" forwardOriginalToken: @@ -46,6 +47,7 @@ spec: fromCookies: description: "List of cookie names from which JWT is expected." items: + minLength: 1 type: "string" type: "array" fromHeaders: @@ -54,6 +56,7 @@ spec: properties: name: description: "The HTTP header name." + minLength: 1 type: "string" prefix: description: "The prefix that should be stripped before decoding the token." @@ -65,30 +68,48 @@ spec: fromParams: description: "List of query parameters from which JWT is expected." items: + minLength: 1 type: "string" type: "array" issuer: description: "Identifies the issuer that issued the JWT." + minLength: 1 type: "string" jwks: description: "JSON Web Key Set of public keys to validate signature of the JWT." type: "string" jwksUri: description: "URL of the provider's public key set to validate signature of the JWT." + maxLength: 2048 + minLength: 1 type: "string" + x-kubernetes-validations: + - message: "url must have scheme http:// or https://" + rule: "url(self).getScheme() in ['http', 'https']" jwks_uri: description: "URL of the provider's public key set to validate signature of the JWT." + maxLength: 2048 + minLength: 1 type: "string" + x-kubernetes-validations: + - message: "url must have scheme http:// or https://" + rule: "url(self).getScheme() in ['http', 'https']" outputClaimToHeaders: description: "This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token." items: properties: claim: description: "The name of the claim to be copied from." + minLength: 1 type: "string" header: description: "The name of the header to be created." + minLength: 1 + pattern: "^[-_A-Za-z0-9]+$" type: "string" + required: + - "header" + - "claim" type: "object" type: "array" outputPayloadToHeader: @@ -97,59 +118,105 @@ spec: timeout: description: "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "issuer" type: "object" + x-kubernetes-validations: + - message: "only one of jwks or jwksUri can be set" + rule: "(has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1" + maxItems: 4096 type: "array" selector: description: "Optional." properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" type: "object" + x-kubernetes-validations: + - message: "only one of targetRefs or workloadSelector can be set" + rule: "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" status: type: "object" x-kubernetes-preserve-unknown-fields: true diff --git a/crd-catalog/istio/istio/security.istio.io/v1beta1/authorizationpolicies.yaml b/crd-catalog/istio/istio/security.istio.io/v1beta1/authorizationpolicies.yaml index c45a3ffca..0364f0daf 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1beta1/authorizationpolicies.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1beta1/authorizationpolicies.yaml @@ -204,48 +204,84 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" type: "object" status: diff --git a/crd-catalog/istio/istio/security.istio.io/v1beta1/peerauthentications.yaml b/crd-catalog/istio/istio/security.istio.io/v1beta1/peerauthentications.yaml index 342bdc4d2..4438a55cb 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1beta1/peerauthentications.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1beta1/peerauthentications.yaml @@ -65,23 +65,34 @@ spec: type: "string" type: "object" description: "Port specific mutual TLS settings." + minProperties: 1 type: "object" + x-kubernetes-validations: + - message: "port must be between 1-65535" + rule: "self.all(key, 0 < int(key) && int(key) <= 65535)" selector: description: "The selector determines the workloads to apply the PeerAuthentication on." properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" type: "object" + x-kubernetes-validations: + - message: "portLevelMtls requires selector" + rule: "(has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0) || !has(self.portLevelMtls)" status: type: "object" x-kubernetes-preserve-unknown-fields: true diff --git a/crd-catalog/istio/istio/security.istio.io/v1beta1/requestauthentications.yaml b/crd-catalog/istio/istio/security.istio.io/v1beta1/requestauthentications.yaml index 75bf80bbc..dbeb17839 100644 --- a/crd-catalog/istio/istio/security.istio.io/v1beta1/requestauthentications.yaml +++ b/crd-catalog/istio/istio/security.istio.io/v1beta1/requestauthentications.yaml @@ -38,6 +38,7 @@ spec: audiences: description: "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access." items: + minLength: 1 type: "string" type: "array" forwardOriginalToken: @@ -46,6 +47,7 @@ spec: fromCookies: description: "List of cookie names from which JWT is expected." items: + minLength: 1 type: "string" type: "array" fromHeaders: @@ -54,6 +56,7 @@ spec: properties: name: description: "The HTTP header name." + minLength: 1 type: "string" prefix: description: "The prefix that should be stripped before decoding the token." @@ -65,30 +68,48 @@ spec: fromParams: description: "List of query parameters from which JWT is expected." items: + minLength: 1 type: "string" type: "array" issuer: description: "Identifies the issuer that issued the JWT." + minLength: 1 type: "string" jwks: description: "JSON Web Key Set of public keys to validate signature of the JWT." type: "string" jwksUri: description: "URL of the provider's public key set to validate signature of the JWT." + maxLength: 2048 + minLength: 1 type: "string" + x-kubernetes-validations: + - message: "url must have scheme http:// or https://" + rule: "url(self).getScheme() in ['http', 'https']" jwks_uri: description: "URL of the provider's public key set to validate signature of the JWT." + maxLength: 2048 + minLength: 1 type: "string" + x-kubernetes-validations: + - message: "url must have scheme http:// or https://" + rule: "url(self).getScheme() in ['http', 'https']" outputClaimToHeaders: description: "This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token." items: properties: claim: description: "The name of the claim to be copied from." + minLength: 1 type: "string" header: description: "The name of the header to be created." + minLength: 1 + pattern: "^[-_A-Za-z0-9]+$" type: "string" + required: + - "header" + - "claim" type: "object" type: "array" outputPayloadToHeader: @@ -97,59 +118,105 @@ spec: timeout: description: "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" required: - "issuer" type: "object" + x-kubernetes-validations: + - message: "only one of jwks or jwksUri can be set" + rule: "(has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1" + maxItems: 4096 type: "array" selector: description: "Optional." properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" type: "object" + x-kubernetes-validations: + - message: "only one of targetRefs or workloadSelector can be set" + rule: "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" status: type: "object" x-kubernetes-preserve-unknown-fields: true diff --git a/crd-catalog/istio/istio/telemetry.istio.io/v1/telemetries.yaml b/crd-catalog/istio/istio/telemetry.istio.io/v1/telemetries.yaml index b3c06cd2c..4eb7973b4 100644 --- a/crd-catalog/istio/istio/telemetry.istio.io/v1/telemetries.yaml +++ b/crd-catalog/istio/istio/telemetry.istio.io/v1/telemetries.yaml @@ -166,6 +166,9 @@ spec: reportingInterval: description: "Optional." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "array" selector: @@ -173,48 +176,84 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" tracing: description: "Optional." diff --git a/crd-catalog/istio/istio/telemetry.istio.io/v1alpha1/telemetries.yaml b/crd-catalog/istio/istio/telemetry.istio.io/v1alpha1/telemetries.yaml index d8df9371e..7838c85a7 100644 --- a/crd-catalog/istio/istio/telemetry.istio.io/v1alpha1/telemetries.yaml +++ b/crd-catalog/istio/istio/telemetry.istio.io/v1alpha1/telemetries.yaml @@ -166,6 +166,9 @@ spec: reportingInterval: description: "Optional." type: "string" + x-kubernetes-validations: + - message: "must be a valid duration greater than 1ms" + rule: "duration(self) >= duration('1ms')" type: "object" type: "array" selector: @@ -173,48 +176,84 @@ spec: properties: matchLabels: additionalProperties: + maxLength: 63 type: "string" + x-kubernetes-validations: + - message: "wildcard not allowed in label value match" + rule: "!self.contains('*')" description: "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied." maxProperties: 4096 type: "object" x-kubernetes-validations: - message: "wildcard not allowed in label key match" rule: "self.all(key, !key.contains('*'))" - - message: "wildcard not allowed in label value match" - rule: "self.map(key, self[key]).all(v, !v.contains('*'))" + - message: "key must not be empty" + rule: "self.all(key, key.size() != 0)" type: "object" targetRef: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" targetRefs: description: "Optional." items: properties: group: description: "group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: description: "kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: description: "name is the name of the target resource." + maxLength: 253 + minLength: 1 type: "string" namespace: description: "namespace is the namespace of the referent." type: "string" + x-kubernetes-validations: + - message: "cross namespace referencing is not currently supported" + rule: "self.size() == 0" + required: + - "kind" + - "name" type: "object" + x-kubernetes-validations: + - message: "Support kinds are core/Service and gateway.networking.k8s.io/Gateway" + rule: "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" type: "array" tracing: description: "Optional." diff --git a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml index ee056025b..c75e958ea 100644 --- a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml +++ b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml @@ -40,7 +40,7 @@ spec: description: "DependencyInterpretation describes the rules for Karmada to analyze the\ndependent resources.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#interpretdependency\nIf DependencyInterpretation is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n if desiredObj.spec.serviceAccountName ~= nil and desiredObj.spec.serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = desiredObj.spec.serviceAccountName\n dependency.namespace = desiredObj.namespace\n dependencies[1] = {}\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe returned value should be expressed by a slice of DependentObjectReference." + description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n serviceAccountName = desiredObj.spec.template.spec.serviceAccountName\n if serviceAccountName ~= nil and serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = serviceAccountName\n dependency.namespace = desiredObj.metadata.namespace\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe returned value should be expressed by a slice of DependentObjectReference." type: "string" required: - "luaScript" diff --git a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml index 52f0eb6f3..7b1e74cc1 100644 --- a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml +++ b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml @@ -1208,6 +1208,9 @@ spec: - "http" - "https" type: "string" + write_timeout: + description: "The maximum duration, in seconds, before timing out writes of the HTTP response back to the client. Default is 30." + type: "integer" type: "object" version: description: "The version of the Ansible playbook to execute in order to install that version of Kiali.\nIt is rare you will want to set this - if you are thinking of setting this, know what you are doing first.\nThe only supported value today is `default`.\n\nIf not specified, a default version of Kiali will be installed which will be the most recent release of Kiali.\nRefer to this file to see where these values are defined in the master branch,\nhttps://github.com/kiali/kiali-operator/blob/master/playbooks/kiali-default-supported-images.yml\n\nThis version setting affects the defaults of the deployment.image_name and\ndeployment.image_version settings. See the comments for those settings\nbelow for additional details. But in short, this version setting will\ndictate which version of the Kiali image will be deployed by default.\nNote that if you explicitly set deployment.image_name and/or\ndeployment.image_version you are responsible for ensuring those settings\nare compatible with this setting (i.e. the Kiali image must be compatible\nwith the rest of the configuration and resources the operator will install).\n" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml index c86333a45..a1fee8101 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml @@ -1738,6 +1738,8 @@ spec: keepaliveMaxRecycle: format: "int32" type: "integer" + maxWorkerConnections: + type: "integer" sourceAddress: type: "string" type: "object" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml index eb749b83c..622cc9bd6 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml @@ -2764,6 +2764,8 @@ spec: keepaliveMaxRecycle: format: "int32" type: "integer" + maxWorkerConnections: + type: "integer" sourceAddress: type: "string" type: "object" @@ -11843,6 +11845,8 @@ spec: keepaliveMaxRecycle: format: "int32" type: "integer" + maxWorkerConnections: + type: "integer" sourceAddress: type: "string" type: "object" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml index 2c03e2de9..332f4e732 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml @@ -4334,6 +4334,8 @@ spec: keepaliveMaxRecycle: format: "int32" type: "integer" + maxWorkerConnections: + type: "integer" sourceAddress: type: "string" type: "object" diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml index 8d2db5e61..b8978155a 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml @@ -51,7 +51,7 @@ spec: description: "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy." x-kubernetes-int-or-string: true nodeStartupTimeout: - description: "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nIf you wish to disable this feature, set the value explicitly to 0." + description: "NodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure and control plane ready condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." type: "string" remediationTemplate: description: "RemediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API." @@ -483,7 +483,7 @@ spec: description: "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy." x-kubernetes-int-or-string: true nodeStartupTimeout: - description: "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nIf you wish to disable this feature, set the value explicitly to 0." + description: "NodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure and control plane ready condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." type: "string" remediationTemplate: description: "RemediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml index 4feba99ce..3f4c3f9d4 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml @@ -172,7 +172,7 @@ spec: description: "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy." x-kubernetes-int-or-string: true nodeStartupTimeout: - description: "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nIf you wish to disable this feature, set the value explicitly to 0." + description: "NodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure and control plane ready condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." type: "string" remediationTemplate: description: "RemediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API." @@ -328,7 +328,7 @@ spec: description: "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy." x-kubernetes-int-or-string: true nodeStartupTimeout: - description: "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nIf you wish to disable this feature, set the value explicitly to 0." + description: "NodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure and control plane ready condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." type: "string" remediationTemplate: description: "RemediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml index 0a325d5af..96bc92384 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml @@ -66,7 +66,7 @@ spec: description: "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy." x-kubernetes-int-or-string: true nodeStartupTimeout: - description: "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nIf not set, this value is defaulted to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." + description: "NodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure and control plane ready condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0." type: "string" remediationTemplate: description: "RemediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml index 0e6d2d357..474799ec0 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml @@ -69,7 +69,7 @@ spec: type: "string" type: "array" minReadySeconds: - description: "Minimum number of seconds for which a newly created machine instances should\nbe ready.\nDefaults to 0 (machine instance will be considered available as soon as it\nis ready)\nNOTE: No logic is implemented for this field and it currently has no behaviour." + description: "Minimum number of seconds for which a newly created machine instances should\nbe ready.\nDefaults to 0 (machine instance will be considered available as soon as it\nis ready)" format: "int32" type: "integer" providerIDList: diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml index 48ac38369..f9ee27377 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml @@ -65,7 +65,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -114,7 +115,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -294,7 +296,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -317,7 +320,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -356,7 +360,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -376,7 +381,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -636,7 +642,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -753,7 +760,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -911,7 +919,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -997,7 +1006,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -1077,7 +1087,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1107,7 +1118,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1179,7 +1191,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1219,7 +1232,8 @@ spec: description: "ImageRepoSecret is an optional secret that is used to pull both the module loader and the device plugin, and\nto push the resulting image from the module loader build, if enabled." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1260,7 +1274,8 @@ spec: description: "ConfigMap that holds Dockerfile contents" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1277,7 +1292,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1340,7 +1356,8 @@ spec: description: "ConfigMap that holds Dockerfile contents" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1357,7 +1374,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1404,7 +1422,8 @@ spec: description: "a secret containing the public key used to sign kernel modules for secureboot" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1417,7 +1436,8 @@ spec: description: "a secret containing the private key used to sign kernel modules for secureboot" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1516,7 +1536,8 @@ spec: description: "a secret containing the public key used to sign kernel modules for secureboot" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1529,7 +1550,8 @@ spec: description: "a secret containing the private key used to sign kernel modules for secureboot" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml index e73443508..c8be327e1 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml @@ -115,7 +115,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -220,7 +221,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml index a7d2175e1..dd2495c14 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "admissionchecks.kueue.x-k8s.io" spec: group: "kueue.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml index 06a3f3cde..bbe09e583 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "clusterqueues.kueue.x-k8s.io" spec: group: "kueue.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/localqueues.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/localqueues.yaml index ac8a7d6e0..dd7ec84b5 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/localqueues.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/localqueues.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "localqueues.kueue.x-k8s.io" spec: group: "kueue.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml index e7c6e056f..a5800dc2c 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "resourceflavors.kueue.x-k8s.io" spec: group: "kueue.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml index f6c35b92d..345b4c5ae 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "workloads.kueue.x-k8s.io" spec: group: "kueue.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml index 2e7e85d4a..823995cf0 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml @@ -407,7 +407,7 @@ spec: maxItems: 100 type: "array" priority: - description: "Priority is a value from 0 to 1000. Rules with lower priority values have\nhigher precedence, and are checked before rules with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nThe behavior is undefined if two ANP objects have same priority.\n\n\nSupport: Core" + description: "Priority is a value from 0 to 1000. Policies with lower priority values have\nhigher precedence, and are checked before policies with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nEvery AdminNetworkPolicy should have a unique priority value; if two (or more)\npolicies with the same priority could both match a connection, then the\nimplementation can apply any of the matching policies to the connection, and\nthere is no way for the user to reliably determine which one it will choose.\n\n\nSupport: Core" format: "int32" maximum: 1000.0 minimum: 0.0 diff --git a/crd-catalog/kubernetes-sigs/node-feature-discovery-operator/nfd.kubernetes.io/v1/nodefeaturediscoveries.yaml b/crd-catalog/kubernetes-sigs/node-feature-discovery-operator/nfd.kubernetes.io/v1/nodefeaturediscoveries.yaml index d4f4ace5a..5024f78ee 100644 --- a/crd-catalog/kubernetes-sigs/node-feature-discovery-operator/nfd.kubernetes.io/v1/nodefeaturediscoveries.yaml +++ b/crd-catalog/kubernetes-sigs/node-feature-discovery-operator/nfd.kubernetes.io/v1/nodefeaturediscoveries.yaml @@ -29,6 +29,9 @@ spec: spec: description: "NodeFeatureDiscoverySpec defines the desired state of NodeFeatureDiscovery" properties: + enableTaints: + description: "EnableTaints enables the enable the experimental tainting feature This allows keeping nodes with specialized hardware away from running general workload i and instead leave them for workloads that need the specialized hardware." + type: "boolean" extraLabelNs: description: "ExtraLabelNs defines the list of of allowed extra label namespaces By default, only allow labels in the default `feature.node.kubernetes.io` label namespace" items: diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml index 317285b52..5572b294d 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml @@ -91,6 +91,9 @@ spec: cronJobTemplate: description: "cron job template extensions" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" envConfigMaps: description: "config map references" items: diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml index 9e052406d..cd84e4e45 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml @@ -401,6 +401,9 @@ spec: description: "uri of test content" type: "string" type: "object" + disableWebhooks: + description: "whether webhooks should be disabled for this execution" + type: "boolean" duration: description: "test duration" type: "string" @@ -917,6 +920,9 @@ spec: description: "uri of test content" type: "string" type: "object" + disableWebhooks: + description: "whether webhooks should be disabled for this execution" + type: "boolean" duration: description: "test duration" type: "string" diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml index 520ccd631..a04961f7f 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml @@ -180,6 +180,9 @@ spec: cronJobTemplateReference: description: "name of the template resource" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" envConfigMaps: description: "config map references" items: diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/testsuites.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/testsuites.yaml index 2f53c1d4d..1c3d6599b 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/testsuites.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/testsuites.yaml @@ -85,6 +85,9 @@ spec: cronJobTemplateReference: description: "cron job template extensions reference" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" executionLabels: additionalProperties: type: "string" @@ -283,6 +286,9 @@ spec: cronJobTemplateReference: description: "cron job template extensions reference" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" executionLabels: additionalProperties: type: "string" @@ -436,6 +442,9 @@ spec: cronJobTemplateReference: description: "name of the template resource" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" executionLabels: additionalProperties: type: "string" @@ -631,6 +640,9 @@ spec: cronJobTemplateReference: description: "cron job template extensions reference" type: "string" + disableWebhooks: + description: "whether webhooks should be called on execution" + type: "boolean" executionLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hooks.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hooks.yaml index 2d7f58a6d..7dab66c60 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hooks.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hooks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "hooks.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -29,10 +29,10 @@ spec: description: "Hook is the Schema for the hooks API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hosts.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hosts.yaml index 164f00213..e413248d6 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hosts.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/hosts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "hosts.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -28,10 +28,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -39,16 +39,16 @@ spec: description: "HostSpec defines the desired state of Host" properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" ipAddress: description: "IP address used for disk transfer." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" provider: description: "Provider" @@ -57,22 +57,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -83,22 +83,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml index 757ddc2a2..83e1114fc 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "migrations.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -34,10 +34,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -47,16 +47,16 @@ spec: cancel: description: "List of VMs which will have their imports canceled." items: - description: "Source reference. Either the ID or Name must be specified." + description: "Source reference.\nEither the ID or Name must be specified." properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." @@ -64,7 +64,7 @@ spec: type: "object" type: "array" cutover: - description: "Date and time to finalize a warm migration. If present, this will override the value set on the Plan." + description: "Date and time to finalize a warm migration.\nIf present, this will override the value set on the Plan." format: "date-time" type: "string" plan: @@ -74,22 +74,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -226,22 +226,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -254,13 +254,13 @@ spec: type: "object" type: "array" id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" phase: description: "Phase" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/networkmaps.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/networkmaps.yaml index b788106dd..c845efe45 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/networkmaps.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/networkmaps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "networkmaps.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -25,10 +25,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -62,13 +62,13 @@ spec: description: "Source network." properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." @@ -89,22 +89,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -115,22 +115,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -190,16 +190,16 @@ spec: type: "integer" references: items: - description: "Source reference. Either the ID or Name must be specified." + description: "Source reference.\nEither the ID or Name must be specified." properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/openstackvolumepopulators.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/openstackvolumepopulators.yaml index 13874ca3c..dc4289e78 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/openstackvolumepopulators.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/openstackvolumepopulators.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "openstackvolumepopulators.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -21,10 +21,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -43,22 +43,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/ovirtvolumepopulators.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/ovirtvolumepopulators.yaml index 70414308d..e7e3142f2 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/ovirtvolumepopulators.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/ovirtvolumepopulators.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ovirtvolumepopulators.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -21,10 +21,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -43,22 +43,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml index 6d2fcead2..54133e332 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "plans.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -34,10 +34,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -60,22 +60,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -86,22 +86,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -125,22 +125,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -151,22 +151,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -184,22 +184,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -220,22 +220,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -248,13 +248,13 @@ spec: type: "object" type: "array" id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." @@ -377,7 +377,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -396,7 +396,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -419,7 +419,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -438,7 +438,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -460,7 +460,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -479,7 +479,7 @@ spec: namespace: type: "string" uid: - description: "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated." + description: "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated." type: "string" required: - "generation" @@ -578,22 +578,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -606,13 +606,13 @@ spec: type: "object" type: "array" id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" phase: description: "Phase" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/providers.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/providers.yaml index 0c056acaf..3490b569b 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/providers.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/providers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "providers.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -40,10 +40,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -51,28 +51,28 @@ spec: description: "Defines the desired state of Provider." properties: secret: - description: "References a secret containing credentials and other confidential information." + description: "References a secret containing credentials and\nother confidential information." properties: apiVersion: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -85,7 +85,7 @@ spec: description: "Provider type." type: "string" url: - description: "The provider URL. Empty may be used for the `host` provider." + description: "The provider URL.\nEmpty may be used for the `host` provider." type: "string" required: - "secret" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/storagemaps.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/storagemaps.yaml index e38382c09..9266faf24 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/storagemaps.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/storagemaps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "storagemaps.forklift.konveyor.io" spec: group: "forklift.konveyor.io" @@ -25,10 +25,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -66,13 +66,13 @@ spec: description: "Source storage." properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." @@ -93,22 +93,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -119,22 +119,22 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -194,16 +194,16 @@ spec: type: "integer" references: items: - description: "Source reference. Either the ID or Name must be specified." + description: "Source reference.\nEither the ID or Name must be specified." properties: id: - description: "The object ID. vsphere: The managed object ID." + description: "The object ID.\nvsphere:\n The managed object ID." type: "string" name: - description: "An object Name. vsphere: A qualified name." + description: "An object Name.\nvsphere:\n A qualified name." type: "string" namespace: - description: "The VM Namespace Only relevant for an openshift source." + description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" type: description: "Type used to qualify the name." diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml index 99d1e33ce..42c13d91d 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml @@ -32,7 +32,7 @@ spec: catch: description: "Catch defines what the tests steps will execute when an error happens.\nThis will be combined with catch handlers defined at the test and step levels." items: - description: "Catch defines actions to be executed on failure." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml index 34e5e7f2e..49f38a57e 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml @@ -49,7 +49,7 @@ spec: catch: description: "Catch defines what the steps will execute when an error happens.\nThis will be combined with catch handlers defined at the step level." items: - description: "Catch defines actions to be executed on failure." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." @@ -674,7 +674,7 @@ spec: catch: description: "Catch defines what the step will execute when an error happens." items: - description: "Catch defines actions to be executed on failure." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." @@ -1227,7 +1227,7 @@ spec: cleanup: description: "Cleanup defines what will be executed after the test is terminated." items: - description: "Finally defines actions to be executed at the end of a test." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." @@ -1808,7 +1808,7 @@ spec: finally: description: "Finally defines what the step will execute after the step is terminated." items: - description: "Finally defines actions to be executed at the end of a test." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." @@ -2830,6 +2830,52 @@ spec: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" description: description: "Description contains a description of the operation." type: "string" @@ -2885,6 +2931,91 @@ spec: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" type: "object" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" patch: description: "Patch represents a patch operation." properties: @@ -2979,6 +3110,46 @@ spec: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" script: description: "Script defines a script to run." properties: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml index 91dde7913..02d8e8762 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml @@ -91,7 +91,7 @@ spec: catch: description: "Catch defines what the tests steps will execute when an error happens.\nThis will be combined with catch handlers defined at the test and step levels." items: - description: "Catch defines actions to be executed on failure." + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." properties: command: description: "Command defines a command to run." @@ -692,13 +692,16 @@ spec: type: "string" type: "object" templating: + default: {} description: "Templating contains the templating config." properties: enabled: + default: true description: "Enabled determines whether resources should be considered for templating." type: "boolean" type: "object" timeouts: + default: {} description: "Global timeouts configuration. Applies to all tests/test steps if not overridden." properties: apply: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml new file mode 100644 index 000000000..6e2ce3cca --- /dev/null +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml @@ -0,0 +1,3499 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.15.0" + name: "tests.chainsaw.kyverno.io" +spec: + group: "chainsaw.kyverno.io" + names: + kind: "Test" + listKind: "TestList" + plural: "tests" + singular: "test" + scope: "Cluster" + versions: + - name: "v1alpha2" + schema: + openAPIV3Schema: + description: "Test is the resource that contains a test definition." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Test spec." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cleanup: + default: {} + description: "Cleanup contains cleanup configuration." + properties: + delayBeforeCleanup: + description: "DelayBeforeCleanup adds a delay between the time a test ends and the time cleanup starts." + type: "string" + skipDelete: + description: "If set, do not delete the resources after running a test." + type: "boolean" + type: "object" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletion: + default: {} + description: "Deletion contains the global deletion configuration." + properties: + propagation: + default: "Background" + description: "Propagation decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + type: "object" + description: + description: "Description contains a description of the test." + type: "string" + error: + default: {} + description: "Error contains the global error configuration." + properties: + catch: + description: "Catch defines what the tests steps will execute when an error happens.\nThis will be combined with catch handlers defined at the test and step levels." + items: + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + properties: + command: + description: "Command defines a command to run." + properties: + args: + description: "Args is the command arguments." + items: + type: "string" + type: "array" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + entrypoint: + description: "Entrypoint is the command entry point to run." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "entrypoint" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + ref: + description: "Ref determines objects to be deleted." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + labels: + additionalProperties: + type: "string" + description: "Label selector to match objects to delete" + type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + description: + description: "Description contains a description of the operation." + type: "string" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + script: + description: "Script defines a script to run." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + content: + description: "Content defines a shell script (run with \"sh -c ...\")." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + sleep: + description: "Sleep defines zzzz." + properties: + duration: + description: "Duration is the delay used for sleeping." + type: "string" + required: + - "duration" + type: "object" + wait: + description: "Wait determines the resource wait collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + for: + description: "For specifies the condition to wait for." + properties: + condition: + description: "Condition specifies the condition to wait for." + properties: + name: + description: "Name defines the specific condition to wait for, e.g., \"Available\", \"Ready\"." + type: "string" + value: + description: "Value defines the specific condition status to wait for, e.g., \"True\", \"False\"." + type: "string" + required: + - "name" + type: "object" + deletion: + description: "Deletion specifies parameters for waiting on a resource's deletion." + type: "object" + jsonPath: + description: "JsonPath specifies the json path condition to wait for." + properties: + path: + description: "Path defines the json path to wait for, e.g. '{.status.phase}'." + type: "string" + value: + description: "Value defines the expected value to wait for, e.g., \"Running\"." + type: "string" + required: + - "path" + - "value" + type: "object" + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Specifies how long to wait for the condition to be met before timing out." + type: "string" + required: + - "apiVersion" + - "for" + - "kind" + type: "object" + type: "object" + type: "array" + type: "object" + execution: + default: {} + description: "Execution contains tests execution configuration." + properties: + concurrent: + default: true + description: "Concurrent determines whether the test should run concurrently with other tests." + type: "boolean" + skip: + description: "Skip determines whether the test should skipped." + type: "boolean" + terminationGracePeriod: + description: "TerminationGracePeriod forces the termination grace period on pods, statefulsets, daemonsets and deployments." + type: "string" + type: "object" + namespace: + default: {} + description: "Namespace contains properties for the namespace to use for tests." + properties: + name: + description: "Name defines the namespace to use for tests.\nIf not specified, every test will execute in a random ephemeral namespace\nunless the namespace is overridden in a the test spec." + type: "string" + template: + description: "Template defines a template to create the test namespace." + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + steps: + description: "Steps defining the test." + items: + description: "TestStep contains the test step definition used in a test spec." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + catch: + description: "Catch defines what the step will execute when an error happens." + items: + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + properties: + command: + description: "Command defines a command to run." + properties: + args: + description: "Args is the command arguments." + items: + type: "string" + type: "array" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + entrypoint: + description: "Entrypoint is the command entry point to run." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "entrypoint" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + ref: + description: "Ref determines objects to be deleted." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + labels: + additionalProperties: + type: "string" + description: "Label selector to match objects to delete" + type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + description: + description: "Description contains a description of the operation." + type: "string" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + script: + description: "Script defines a script to run." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + content: + description: "Content defines a shell script (run with \"sh -c ...\")." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + sleep: + description: "Sleep defines zzzz." + properties: + duration: + description: "Duration is the delay used for sleeping." + type: "string" + required: + - "duration" + type: "object" + wait: + description: "Wait determines the resource wait collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + for: + description: "For specifies the condition to wait for." + properties: + condition: + description: "Condition specifies the condition to wait for." + properties: + name: + description: "Name defines the specific condition to wait for, e.g., \"Available\", \"Ready\"." + type: "string" + value: + description: "Value defines the specific condition status to wait for, e.g., \"True\", \"False\"." + type: "string" + required: + - "name" + type: "object" + deletion: + description: "Deletion specifies parameters for waiting on a resource's deletion." + type: "object" + jsonPath: + description: "JsonPath specifies the json path condition to wait for." + properties: + path: + description: "Path defines the json path to wait for, e.g. '{.status.phase}'." + type: "string" + value: + description: "Value defines the expected value to wait for, e.g., \"Running\"." + type: "string" + required: + - "path" + - "value" + type: "object" + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Specifies how long to wait for the condition to be met before timing out." + type: "string" + required: + - "apiVersion" + - "for" + - "kind" + type: "object" + type: "object" + type: "array" + cleanup: + description: "Cleanup defines what will be executed after the test is terminated." + items: + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + properties: + command: + description: "Command defines a command to run." + properties: + args: + description: "Args is the command arguments." + items: + type: "string" + type: "array" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + entrypoint: + description: "Entrypoint is the command entry point to run." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "entrypoint" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + ref: + description: "Ref determines objects to be deleted." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + labels: + additionalProperties: + type: "string" + description: "Label selector to match objects to delete" + type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + description: + description: "Description contains a description of the operation." + type: "string" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + script: + description: "Script defines a script to run." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + content: + description: "Content defines a shell script (run with \"sh -c ...\")." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + sleep: + description: "Sleep defines zzzz." + properties: + duration: + description: "Duration is the delay used for sleeping." + type: "string" + required: + - "duration" + type: "object" + wait: + description: "Wait determines the resource wait collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + for: + description: "For specifies the condition to wait for." + properties: + condition: + description: "Condition specifies the condition to wait for." + properties: + name: + description: "Name defines the specific condition to wait for, e.g., \"Available\", \"Ready\"." + type: "string" + value: + description: "Value defines the specific condition status to wait for, e.g., \"True\", \"False\"." + type: "string" + required: + - "name" + type: "object" + deletion: + description: "Deletion specifies parameters for waiting on a resource's deletion." + type: "object" + jsonPath: + description: "JsonPath specifies the json path condition to wait for." + properties: + path: + description: "Path defines the json path to wait for, e.g. '{.status.phase}'." + type: "string" + value: + description: "Value defines the expected value to wait for, e.g., \"Running\"." + type: "string" + required: + - "path" + - "value" + type: "object" + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Specifies how long to wait for the condition to be met before timing out." + type: "string" + required: + - "apiVersion" + - "for" + - "kind" + type: "object" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in both the Configuration and the Test." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + description: + description: "Description contains a description of the test step." + type: "string" + finally: + description: "Finally defines what the step will execute after the step is terminated." + items: + description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + properties: + command: + description: "Command defines a command to run." + properties: + args: + description: "Args is the command arguments." + items: + type: "string" + type: "array" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + entrypoint: + description: "Entrypoint is the command entry point to run." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "entrypoint" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + ref: + description: "Ref determines objects to be deleted." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + labels: + additionalProperties: + type: "string" + description: "Label selector to match objects to delete" + type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + description: + description: "Description contains a description of the operation." + type: "string" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + script: + description: "Script defines a script to run." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + content: + description: "Content defines a shell script (run with \"sh -c ...\")." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + sleep: + description: "Sleep defines zzzz." + properties: + duration: + description: "Duration is the delay used for sleeping." + type: "string" + required: + - "duration" + type: "object" + wait: + description: "Wait determines the resource wait collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + for: + description: "For specifies the condition to wait for." + properties: + condition: + description: "Condition specifies the condition to wait for." + properties: + name: + description: "Name defines the specific condition to wait for, e.g., \"Available\", \"Ready\"." + type: "string" + value: + description: "Value defines the specific condition status to wait for, e.g., \"True\", \"False\"." + type: "string" + required: + - "name" + type: "object" + deletion: + description: "Deletion specifies parameters for waiting on a resource's deletion." + type: "object" + jsonPath: + description: "JsonPath specifies the json path condition to wait for." + properties: + path: + description: "Path defines the json path to wait for, e.g. '{.status.phase}'." + type: "string" + value: + description: "Value defines the expected value to wait for, e.g., \"Running\"." + type: "string" + required: + - "path" + - "value" + type: "object" + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Specifies how long to wait for the condition to be met before timing out." + type: "string" + required: + - "apiVersion" + - "for" + - "kind" + type: "object" + type: "object" + type: "array" + name: + description: "Name of the step." + type: "string" + skipDelete: + description: "SkipDelete determines whether the resources created by the step should be deleted after the test step is executed." + type: "boolean" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeouts: + description: "Timeouts for the test step. Overrides the global timeouts set in the Configuration and the timeouts eventually set in the Test." + properties: + apply: + description: "Apply defines the timeout for the apply operation" + type: "string" + assert: + description: "Assert defines the timeout for the assert operation" + type: "string" + cleanup: + description: "Cleanup defines the timeout for the cleanup operation" + type: "string" + delete: + description: "Delete defines the timeout for the delete operation" + type: "string" + error: + description: "Error defines the timeout for the error operation" + type: "string" + exec: + description: "Exec defines the timeout for exec operations" + type: "string" + type: "object" + try: + description: "Try defines what the step will try to execute." + items: + description: "Operation defines a single operation, only one action is permitted for a given operation." + properties: + apply: + description: "Apply represents resources that should be applied for this test step. This can include things\nlike configuration settings or any other resources that need to be available during the test." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + assert: + description: "Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Check provides a check used in assertions." + type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + command: + description: "Command defines a command to run." + properties: + args: + description: "Args is the command arguments." + items: + type: "string" + type: "array" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + entrypoint: + description: "Entrypoint is the command entry point to run." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "entrypoint" + type: "object" + continueOnError: + description: "ContinueOnError determines whether a test should continue or not in case the operation was not successful.\nEven if the test continues executing, it will still be reported as failed." + type: "boolean" + create: + description: "Create represents a creation operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + deletionPropagationPolicy: + description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." + enum: + - "Orphan" + - "Background" + - "Foreground" + type: "string" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + ref: + description: "Ref determines objects to be deleted." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + labels: + additionalProperties: + type: "string" + description: "Label selector to match objects to delete" + type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + describe: + description: "Describe determines the resource describe collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + showEvents: + description: "Show Events indicates whether to include related events." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + description: + description: "Description contains a description of the operation." + type: "string" + error: + description: "Error represents the expected errors for this test step. If any of these errors occur, the test\nwill consider them as expected; otherwise, they will be treated as test failures." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Check provides a check used in assertions." + type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + events: + description: "Events determines the events collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + get: + description: "Get determines the resource get collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + required: + - "apiVersion" + - "kind" + type: "object" + patch: + description: "Patch represents a patch operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + container: + description: "Container in pod to get logs from else --all-containers is used." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + tail: + description: "Tail is the number of last lines to collect from pods. If omitted or zero,\nthen the default is 10 if you use a selector, or -1 (all) if you use a pod name.\nThis matches default behavior of `kubectl logs`." + type: "integer" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + script: + description: "Script defines a script to run." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + check: + description: "Check is an assertion tree to validate the operation outcome." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + content: + description: "Content defines a shell script (run with \"sh -c ...\")." + type: "string" + env: + description: "Env defines additional environment variables." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + skipLogOutput: + description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + sleep: + description: "Sleep defines zzzz." + properties: + duration: + description: "Duration is the delay used for sleeping." + type: "string" + required: + - "duration" + type: "object" + update: + description: "Update represents an update operation." + properties: + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + wait: + description: "Wait determines the resource wait collector to execute." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + cluster: + description: "Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" + for: + description: "For specifies the condition to wait for." + properties: + condition: + description: "Condition specifies the condition to wait for." + properties: + name: + description: "Name defines the specific condition to wait for, e.g., \"Available\", \"Ready\"." + type: "string" + value: + description: "Value defines the specific condition status to wait for, e.g., \"True\", \"False\"." + type: "string" + required: + - "name" + type: "object" + deletion: + description: "Deletion specifies parameters for waiting on a resource's deletion." + type: "object" + jsonPath: + description: "JsonPath specifies the json path condition to wait for." + properties: + path: + description: "Path defines the json path to wait for, e.g. '{.status.phase}'." + type: "string" + value: + description: "Value defines the expected value to wait for, e.g., \"Running\"." + type: "string" + required: + - "path" + - "value" + type: "object" + type: "object" + format: + description: "Format determines the output format (json or yaml)." + pattern: "^(?:json|yaml|\\(.+\\))$" + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + selector: + description: "Selector defines labels selector." + type: "string" + timeout: + description: "Timeout for the operation. Specifies how long to wait for the condition to be met before timing out." + type: "string" + required: + - "apiVersion" + - "for" + - "kind" + type: "object" + type: "object" + minItems: 1 + type: "array" + required: + - "try" + type: "object" + type: "array" + templating: + default: {} + description: "Templating contains the templating config." + properties: + enabled: + default: true + description: "Enabled determines whether resources should be considered for templating." + type: "boolean" + type: "object" + timeouts: + default: {} + description: "Timeouts for the test. Overrides the global timeouts set in the Configuration on a per operation basis." + properties: + apply: + description: "Apply defines the timeout for the apply operation" + type: "string" + assert: + description: "Assert defines the timeout for the assert operation" + type: "string" + cleanup: + description: "Cleanup defines the timeout for the cleanup operation" + type: "string" + delete: + description: "Delete defines the timeout for the delete operation" + type: "string" + error: + description: "Error defines the timeout for the error operation" + type: "string" + exec: + description: "Exec defines the timeout for exec operations" + type: "string" + type: "object" + required: + - "steps" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: false diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml index 06774324d..426321ba6 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml @@ -169,6 +169,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" uid: description: "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs." type: "string" @@ -218,6 +219,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" uid: description: "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs." type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml index 670c46660..36ffe4ecc 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml @@ -169,6 +169,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" uid: description: "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs." type: "string" @@ -218,6 +219,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" uid: description: "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs." type: "string" diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml index 061978e14..18133fcff 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml @@ -119,6 +119,13 @@ spec: engineImage: description: "Deprecated: Replaced by field `image`." type: "string" + freezeFilesystemForSnapshot: + description: "Setting that freezes the filesystem on the root partition before a snapshot is created." + enum: + - "ignored" + - "enabled" + - "disabled" + type: "string" fromBackup: type: "string" frontend: diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml index a82049af6..6ad89dfc0 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml @@ -122,7 +122,7 @@ spec: description: "Params to be used in the Connection." type: "object" passwordSecretKeyRef: - description: "PasswordSecretKeyRef is a reference to the password to use for configuring the Connection." + description: "PasswordSecretKeyRef is a reference to the password to use for configuring the Connection.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: key: description: "The key of the secret to select from. Must be a valid secret key." diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml index a2a8de557..9fca76f4f 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml @@ -2317,7 +2317,7 @@ spec: type: "string" type: "object" database: - description: "Database is the database to be created on bootstrap." + description: "Database is the initial database to be created by the operator once MariaDB is ready." type: "string" env: description: "Env represents the environment variables to be injected in a container." @@ -4909,7 +4909,7 @@ spec: format: "int32" type: "integer" clientPasswordSecretKeyRef: - description: "ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided." + description: "ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -4938,7 +4938,7 @@ spec: description: "Generate defies whether the operator should generate users and grants for MaxScale to work.\nIt only supports MariaDBs specified via spec.mariaDbRef." type: "boolean" metricsPasswordSecretKeyRef: - description: "MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled." + description: "MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -4965,7 +4965,7 @@ spec: format: "int32" type: "integer" monitorPasswordSecretKeyRef: - description: "MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided." + description: "MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -4992,7 +4992,7 @@ spec: format: "int32" type: "integer" serverPasswordSecretKeyRef: - description: "ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided." + description: "ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -5019,7 +5019,7 @@ spec: format: "int32" type: "integer" syncPasswordSecretKeyRef: - description: "SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled." + description: "SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -11989,7 +11989,7 @@ spec: type: "array" type: "object" passwordSecretKeyRef: - description: "PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter." + description: "PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -12032,7 +12032,7 @@ spec: description: "MyCnf allows to specify the my.cnf file mounted by Mariadb.\nUpdating this field will trigger an update to the Mariadb resource." type: "string" myCnfConfigMapKeyRef: - description: "MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap.\nIf not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field.\nIf the referred ConfigMap is labeled with \"k8s.mariadb.com/watch\",\nan update to the Mariadb resource will be triggered when the ConfigMap is updated." + description: "MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap.\nIf not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field.\nIf the referred ConfigMap is labeled with \"k8s.mariadb.com/watch\", an update to the Mariadb resource will be triggered when the ConfigMap is updated." properties: key: description: "The key to select." @@ -12053,7 +12053,7 @@ spec: description: "NodeSelector to be used in the Pod." type: "object" passwordSecretKeyRef: - description: "PasswordSecretKeyRef is a Secret reference to the password of the initial user created on bootstrap." + description: "PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -13554,7 +13554,7 @@ spec: type: "string" type: "object" username: - description: "Username is the username of the initial user created on bootstrap." + description: "Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database." type: "string" volumeMounts: description: "VolumeMounts to be used in the Container." diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml index 8ae88f9db..cc10d4271 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml @@ -614,7 +614,7 @@ spec: format: "int32" type: "integer" clientPasswordSecretKeyRef: - description: "ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided." + description: "ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -643,7 +643,7 @@ spec: description: "Generate defies whether the operator should generate users and grants for MaxScale to work.\nIt only supports MariaDBs specified via spec.mariaDbRef." type: "boolean" metricsPasswordSecretKeyRef: - description: "MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled." + description: "MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -670,7 +670,7 @@ spec: format: "int32" type: "integer" monitorPasswordSecretKeyRef: - description: "MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided." + description: "MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -697,7 +697,7 @@ spec: format: "int32" type: "integer" serverPasswordSecretKeyRef: - description: "ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided." + description: "ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -724,7 +724,7 @@ spec: format: "int32" type: "integer" syncPasswordSecretKeyRef: - description: "SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled." + description: "SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml index e03bb5ef8..942f1f556 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml @@ -91,7 +91,7 @@ spec: maxLength: 80 type: "string" passwordSecretKeyRef: - description: "PasswordSecretKeyRef is a reference to the password to be used by the User.\nIf not provided, the account will be locked and the password will expire." + description: "PasswordSecretKeyRef is a reference to the password to be used by the User.\nIf not provided, the account will be locked and the password will expire.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: key: description: "The key of the secret to select from. Must be a valid secret key." diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index 313d49a5d..a512e1aff 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -57,10 +57,10 @@ spec: description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" scheduling: - description: "scheduling controls whether the pod will be scheduled or not." + description: "scheduling controls how the pods are scheduled on nodes." properties: affinity: - description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" + description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." properties: nodeAffinity: description: "Describes node affinity scheduling rules for the pod." @@ -582,14 +582,14 @@ spec: nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "`nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels.\nFor documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/." type: "object" x-kubernetes-map-type: "atomic" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." + description: "If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption.\nIf not specified, default priority is used, or zero if there is no default." type: "string" tolerations: - description: "tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints." + description: "`tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints.\nFor documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." items: description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: @@ -645,22 +645,22 @@ spec: description: "`flowFilter` defines the eBPF agent configuration regarding flow filtering" properties: action: - description: "Action defines the action to perform on the flows that match the filter." + description: "`action` defines the action to perform on the flows that match the filter." enum: - "Accept" - "Reject" type: "string" cidr: - description: "CIDR defines the IP CIDR to filter flows by.\nExample: 10.10.10.0/24 or 100:100:100:100::/64" + description: "`cidr` defines the IP CIDR to filter flows by.\nExamples: `10.10.10.0/24` or `100:100:100:100::/64`" type: "string" destPorts: anyOf: - type: "integer" - type: "string" - description: "DestPorts defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example destPorts: 80.\nTo filter a range of ports, use a \"start-end\" range, string format. For example destPorts: \"80-100\"." + description: "`destPorts` defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example: `destPorts: 80`.\nTo filter a range of ports, use a \"start-end\" range, string format. For example: `destPorts: \"80-100\"`." x-kubernetes-int-or-string: true direction: - description: "Direction defines the direction to filter flows by." + description: "`direction` defines the direction to filter flows by." enum: - "Ingress" - "Egress" @@ -669,22 +669,22 @@ spec: description: "Set `enable` to `true` to enable eBPF flow filtering feature." type: "boolean" icmpCode: - description: "ICMPCode defines the ICMP code to filter flows by." + description: "`icmpCode` defines the ICMP code to filter flows by." type: "integer" icmpType: - description: "ICMPType defines the ICMP type to filter flows by." + description: "`icmpType` defines the ICMP type to filter flows by." type: "integer" peerIP: - description: "PeerIP defines the IP address to filter flows by.\nExample: 10.10.10.10" + description: "`peerIP` defines the IP address to filter flows by.\nExample: `10.10.10.10`." type: "string" ports: anyOf: - type: "integer" - type: "string" - description: "Ports defines the ports to filter flows by. it can be user for either source or destination ports.\nTo filter a single port, set a single port as an integer value. For example ports: 80.\nTo filter a range of ports, use a \"start-end\" range, string format. For example ports: \"80-10" + description: "`ports` defines the ports to filter flows by, used both for source and destination ports.\nTo filter a single port, set a single port as an integer value. For example: `ports: 80`.\nTo filter a range of ports, use a \"start-end\" range, string format. For example: `ports: \"80-100\"`." x-kubernetes-int-or-string: true protocol: - description: "Protocol defines the protocol to filter flows by." + description: "`protocol` defines the protocol to filter flows by." enum: - "TCP" - "UDP" @@ -696,7 +696,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "SourcePorts defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example sourcePorts: 80.\nTo filter a range of ports, use a \"start-end\" range, string format. For example sourcePorts: \"80-100\"." + description: "`sourcePorts` defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example: `sourcePorts: 80`.\nTo filter a range of ports, use a \"start-end\" range, string format. For example: `sourcePorts: \"80-100\"`." x-kubernetes-int-or-string: true type: "object" imagePullPolicy: @@ -708,7 +708,7 @@ spec: - "Never" type: "string" interfaces: - description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent\nfetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." + description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent\nfetches all the interfaces in the system, excepting the ones listed in `excludeInterfaces`.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." items: type: "string" type: "array" @@ -740,13 +740,13 @@ spec: type: "string" type: "array" enable: - description: "Set `enable` to `false` to disable eBPF agent metrics collection, by default it's `true`." + description: "Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default." type: "boolean" server: description: "Metrics server endpoint configuration for Prometheus scraper" properties: port: - description: "The prometheus HTTP port" + description: "The metrics server HTTP port" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -916,7 +916,7 @@ spec: type: "object" type: default: "eBPF" - description: "`type` [deprecated (*)] selects the flows tracing agent. The only possible value is `eBPF` (default), to use NetObserv eBPF agent.
\nPreviously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
\nSetting `IPFIX` is ignored and still use the eBPF Agent.\nSince there is only a single option here, this field will be remove in a future API version." + description: "`type` [deprecated (*)] selects the flows tracing agent. Previously, this field allowed to select between `eBPF` or `IPFIX`.\nOnly `eBPF` is allowed now, so this field is deprecated and is planned for removal in a future version of the API." enum: - "eBPF" - "IPFIX" @@ -950,10 +950,10 @@ spec: description: "`register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator.\nWhen set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command:\n`oc patch console.operator.openshift.io cluster --type='json' -p '[{\"op\": \"add\", \"path\": \"/spec/plugins/-\", \"value\": \"netobserv-plugin\"}]'`" type: "boolean" scheduling: - description: "scheduling controls whether the pod will be scheduled or not." + description: "scheduling controls how the pods are scheduled on nodes." properties: affinity: - description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" + description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." properties: nodeAffinity: description: "Describes node affinity scheduling rules for the pod." @@ -1475,14 +1475,14 @@ spec: nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "`nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels.\nFor documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/." type: "object" x-kubernetes-map-type: "atomic" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." + description: "If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption.\nIf not specified, default priority is used, or zero if there is no default." type: "string" tolerations: - description: "tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints." + description: "`tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints.\nFor documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." items: description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: @@ -2240,7 +2240,7 @@ spec: description: "Set `enable` to `true` to store flows in Loki.\nThe Console plugin can use either Loki or Prometheus as a data source for metrics (see also `spec.prometheus.querier`), or both.\nNot all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well,\nsuch as getting per-pod information or viewing raw flows.\nIf both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.\nIf they are both disabled, the Console plugin is not deployed." type: "boolean" lokiStack: - description: "Loki configuration for `LokiStack` mode. This is useful for an easy loki-operator configuration.\nIt is ignored for other modes." + description: "Loki configuration for `LokiStack` mode. This is useful for an easy Loki Operator configuration.\nIt is ignored for other modes." properties: name: default: "loki" @@ -2625,10 +2625,10 @@ spec: minimum: 0.0 type: "integer" scheduling: - description: "scheduling controls whether the pod will be scheduled or not." + description: "scheduling controls how the pods are scheduled on nodes." properties: affinity: - description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" + description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." properties: nodeAffinity: description: "Describes node affinity scheduling rules for the pod." @@ -3150,14 +3150,14 @@ spec: nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "`nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels.\nFor documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/." type: "object" x-kubernetes-map-type: "atomic" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." + description: "If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption.\nIf not specified, default priority is used, or zero if there is no default." type: "string" tolerations: - description: "tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints." + description: "`tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints.\nFor documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling." items: description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: @@ -3561,7 +3561,7 @@ spec: description: "Metrics server endpoint configuration for Prometheus scraper" properties: port: - description: "The prometheus HTTP port" + description: "The metrics server HTTP port" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -3675,7 +3675,7 @@ spec: type: "object" type: "object" subnetLabels: - description: "`SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.\nWhen a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`." + description: "`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic.\nWhen a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`." properties: customLabels: description: "`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.\nIf you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap." @@ -3704,8 +3704,7 @@ spec: description: "Prometheus querying configuration, such as client settings, used in the Console plugin." properties: enable: - default: true - description: "Set `enable` to `true` to make the Console plugin querying flow metrics from Prometheus instead of Loki whenever possible.\nThe Console plugin can use either Loki or Prometheus as a data source for metrics (see also `spec.loki`), or both.\nNot all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well,\nsuch as getting per-pod information or viewing raw flows.\nIf both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.\nIf they are both disabled, the Console plugin is not deployed." + description: "When `enable` is `true`, the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible.\nIt is enbaled by default: set it to `false` to disable this feature.\nThe Console plugin can use either Loki or Prometheus as a data source for metrics (see also `spec.loki`), or both.\nNot all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well,\nsuch as getting per-pod information or viewing raw flows.\nIf both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.\nIf they are both disabled, the Console plugin is not deployed." type: "boolean" manual: description: "Prometheus configuration for `Manual` mode." diff --git a/crd-catalog/open-cluster-management-io/ocm/operator.open-cluster-management.io/v1/klusterlets.yaml b/crd-catalog/open-cluster-management-io/ocm/operator.open-cluster-management.io/v1/klusterlets.yaml index 020472693..4e1bcb1bf 100644 --- a/crd-catalog/open-cluster-management-io/ocm/operator.open-cluster-management.io/v1/klusterlets.yaml +++ b/crd-catalog/open-cluster-management-io/ocm/operator.open-cluster-management.io/v1/klusterlets.yaml @@ -127,10 +127,14 @@ spec: format: "int32" minimum: 180.0 type: "integer" - secretNames: - description: "SecretNames is a list of secret names. The secrets are in the same namespace where the agent controller runs." + kubeConfigSecrets: + description: "KubeConfigSecrets is a list of secret names. The secrets are in the same namespace where the agent controller runs." items: - type: "string" + properties: + name: + description: "Name is the name of the secret." + type: "string" + type: "object" type: "array" type: "object" type: diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml index b8d4ddd2c..d7252e87e 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml @@ -83,12 +83,16 @@ spec: completed: format: "date-time" type: "string" + crVersion: + type: "string" destination: type: "string" image: type: "string" jobName: type: "string" + latestRestorableTime: + type: "string" repo: description: "PGBackRestRepo represents a pgBackRest repository. Only one of its members may be specified." properties: diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml index 246ae076e..92c6ae5d4 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml @@ -133,7 +133,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -219,7 +220,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -244,6 +246,92 @@ spec: type: "object" type: "object" type: "array" + containers: + description: "Configuration for pgBackRest sidecar containers" + properties: + pgbackrest: + description: "Defines the configuration for the pgBackRest sidecar container" + properties: + resources: + description: "Resource requirements for a sidecar container" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + pgbackrestConfig: + description: "Defines the configuration for the pgBackRest config sidecar container" + properties: + resources: + description: "Resource requirements for a sidecar container" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + type: "object" global: additionalProperties: type: "string" @@ -1731,7 +1819,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1763,7 +1852,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2695,7 +2785,7 @@ spec: - "repoName" type: "object" sidecars: - description: "Configuration for pgBackRest sidecar containers" + description: "Deprecated: Use Containers instead" properties: pgbackrest: description: "Defines the configuration for the pgBackRest sidecar container" @@ -3430,7 +3520,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3516,7 +3607,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4708,7 +4800,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4739,7 +4832,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5302,6 +5396,51 @@ spec: x-kubernetes-list-type: "atomic" type: "object" type: "object" + containers: + description: "Configuration for instance default sidecar containers." + properties: + replicaCertCopy: + description: "Defines the configuration for the replica cert copy sidecar container" + properties: + resources: + description: "Resource requirements for a sidecar container" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + type: "object" dataVolumeClaimSpec: description: "Defines a PersistentVolumeClaim for PostgreSQL data.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes" properties: @@ -5453,7 +5592,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5502,7 +5642,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5528,7 +5669,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -5542,7 +5684,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6504,7 +6647,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6553,7 +6697,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6579,7 +6724,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -6593,7 +6739,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -8605,7 +8752,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -8691,7 +8839,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -8727,6 +8876,51 @@ spec: description: "Connection settings specific to particular users.\nMore info: https://www.pgbouncer.org/config.html#section-users" type: "object" type: "object" + containers: + description: "Configuration for pgBouncer default sidecar containers." + properties: + pgbouncerConfig: + description: "Defines the configuration for the pgBouncer config sidecar container" + properties: + resources: + description: "Resource requirements for a sidecar container" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + type: "object" customTLSSecret: description: "A secret projection containing a certificate and key with which to encrypt\nconnections to PgBouncer. The \"tls.crt\", \"tls.key\", and \"ca.crt\" paths must\nbe PEM-encoded certificates and keys. Changing this value causes PgBouncer\nto restart.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/#projection-of-secret-keys-to-specific-paths" properties: @@ -8752,7 +8946,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -9004,7 +9199,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -9053,7 +9249,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -9079,7 +9276,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -9093,7 +9291,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -9970,7 +10169,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -10002,7 +10202,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml index dad7f3bf6..83b91af4a 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml @@ -211,7 +211,7 @@ spec: type: "string" type: "array" failsafeInboundHostPorts: - description: "FailsafeInboundHostPorts is a list of UDP/TCP ports and CIDRs that Felix will allow incoming traffic to host endpoints on irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For back-compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all inbound host ports, use the value none. The default value allows ssh access and DHCP. [Default: tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]" + description: "FailsafeInboundHostPorts is a list of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will allow incoming traffic to host endpoints on irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all inbound host ports, use the value \"[]\". The default value allows ssh access, DHCP, BGP, etcd and the Kubernetes API. [Default: tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]" items: description: "ProtoPort is combination of protocol, port, and CIDR. Protocol and port must be specified." properties: @@ -227,7 +227,7 @@ spec: type: "object" type: "array" failsafeOutboundHostPorts: - description: "FailsafeOutboundHostPorts is a list of UDP/TCP ports and CIDRs that Felix will allow outgoing traffic from host endpoints to irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For back-compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all outbound host ports, use the value none. The default value opens etcd's standard ports to ensure that Felix does not get cut off from etcd as well as allowing DHCP and DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667, udp:53, udp:67]" + description: "FailsafeOutboundHostPorts is a list of List of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will allow outgoing traffic from host endpoints to irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all outbound host ports, use the value \"[]\". The default value opens etcd's standard ports to ensure that Felix does not get cut off from etcd as well as allowing DHCP, DNS, BGP and the Kubernetes API. [Default: udp:53, udp:67, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]" items: description: "ProtoPort is combination of protocol, port, and CIDR. Protocol and port must be specified." properties: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml index 36624c651..054555993 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml @@ -2800,6 +2800,12 @@ spec: description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" + mode: + description: "Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s).\nFor now this field has no effect.\n\n\n(Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled." + enum: + - "StatefulSet" + - "DaemonSet" + type: "string" nodeSelector: additionalProperties: type: "string" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index 7dcb0d151..48bef9737 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -1419,86 +1419,12 @@ spec: - "host" type: "object" type: "array" - ec2SDConfigs: - description: "EC2SDConfigs defines a list of EC2 service discovery configurations." - items: - description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config" - properties: - accessKey: - description: "AccessKey is the AWS API key." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - filters: - description: "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html" - items: - description: "EC2Filter is the configuration for filtering EC2 instances." - properties: - name: - type: "string" - values: - items: - type: "string" - type: "array" - required: - - "name" - - "values" - type: "object" - type: "array" - port: - description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." - type: "integer" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - region: - description: "The AWS region" - type: "string" - roleARN: - description: "AWS Role ARN, an alternative to using AWS API keys." - type: "string" - secretKey: - description: "SecretKey is the AWS API secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "array" - enableCompression: - description: "When false, Prometheus will request uncompressed response from the scraped target.\n\n\nIt requires Prometheus >= v2.49.0.\n\n\nIf unset, Prometheus uses true by default." - type: "boolean" - eurekaSDConfigs: - description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." + dockerSwarmSDConfigs: + description: "DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations." items: - description: "Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.\nPrometheus will periodically check the REST endpoint and create a target for every app instance.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config" properties: authorization: - description: "Authorization header to use on every scrape request." + description: "Authorization header configuration to authenticate against the target HTTP endpoint." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -1522,7 +1448,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "Optional HTTP basic authentication information." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -1562,14 +1488,37 @@ spec: enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" + filters: + description: "Optional filters to limit the discovery process to a subset of available\nresources.\nThe available filters are listed in the upstream documentation:\nServices: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList\nTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList\nNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList" + items: + description: "Filter is the configuration to limit the discovery process to a subset of available resources." + properties: + name: + description: "Name is the key of the field to check against." + type: "string" + values: + description: "Values is the value or set of values to check for a match." + items: + type: "string" + minItems: 1 + type: "array" + required: + - "name" + - "values" + type: "object" + type: "array" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" + host: + description: "Address of the Docker daemon" + pattern: "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$" + type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -1645,6 +1594,12 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + port: + description: "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports." + format: "int32" + maximum: 65535.0 + minimum: 0.0 + type: "integer" proxyConnectHeader: additionalProperties: items: @@ -1676,15 +1631,18 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Refresh interval to re-read the instance list." + description: "The time after which the service discovery data is refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - server: - description: "The URL to connect to the Eureka server." - minLength: 1 + role: + description: "Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`." + enum: + - "Services" + - "Tasks" + - "Nodes" type: "string" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to use on every scrape request" properties: ca: description: "Certificate authority used when verifying server certificates." @@ -1787,68 +1745,90 @@ spec: type: "string" type: "object" required: - - "server" + - "host" + - "role" type: "object" type: "array" - fileSDConfigs: - description: "FileSDConfigs defines a list of file service discovery configurations." + ec2SDConfigs: + description: "EC2SDConfigs defines a list of EC2 service discovery configurations." items: - description: "FileSDConfig defines a Prometheus file service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config" + description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config" properties: - files: - description: "List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the\nprometheus-operator project makes no guarantees about the working directory where the configuration file is\nstored.\nFiles must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets." + accessKey: + description: "AccessKey is the AWS API key." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + filters: + description: "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html" items: - description: "SDFile represents a file used for service discovery" - pattern: "^[^*]*(\\*[^/]*)?\\.(json|yml|yaml|JSON|YML|YAML)$" - type: "string" - minItems: 1 + description: "EC2Filter is the configuration for filtering EC2 instances." + properties: + name: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "name" + - "values" + type: "object" type: "array" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - required: - - "files" - type: "object" - type: "array" - gceSDConfigs: - description: "GCESDConfigs defines a list of GCE service discovery configurations." - items: - description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." - properties: - filter: - description: "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list" - type: "string" port: description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." type: "integer" - project: - description: "The Google Cloud Project ID" - minLength: 1 - type: "string" refreshInterval: description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - tagSeparator: - description: "The tag separator is used to separate the tags on concatenation" + region: + description: "The AWS region" type: "string" - zone: - description: "The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs." - minLength: 1 + roleARN: + description: "AWS Role ARN, an alternative to using AWS API keys." type: "string" - required: - - "project" - - "zone" + secretKey: + description: "SecretKey is the AWS API secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "array" - hetznerSDConfigs: - description: "HetznerSDConfigs defines a list of Hetzner service discovery configurations." + enableCompression: + description: "When false, Prometheus will request uncompressed response from the scraped target.\n\n\nIt requires Prometheus >= v2.49.0.\n\n\nIf unset, Prometheus uses true by default." + type: "boolean" + eurekaSDConfigs: + description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." items: - description: "HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.\nThis service discovery uses the public IPv4 address by default, but that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config" + description: "Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.\nPrometheus will periodically check the REST endpoint and create a target for every app instance.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config" properties: authorization: - description: "Authorization header configuration, required when role is hcloud.\nRole robot does not support bearer token authentication." + description: "Authorization header to use on every scrape request." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -1872,7 +1852,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request, required when role is robot.\nRole hcloud does not support basic auth." + description: "BasicAuth information to use on every scrape request." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -1919,7 +1899,7 @@ spec: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `basic_auth` or `authorization`." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -1995,9 +1975,6 @@ spec: - "clientSecret" - "tokenUrl" type: "object" - port: - description: "The port to scrape metrics from." - type: "integer" proxyConnectHeader: additionalProperties: items: @@ -2029,19 +2006,15 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "The time after which the servers are refreshed." + description: "Refresh interval to re-read the instance list." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - role: - description: "The Hetzner role of entities that should be discovered." - enum: - - "hcloud" - - "Hcloud" - - "robot" - - "Robot" + server: + description: "The URL to connect to the Eureka server." + minLength: 1 type: "string" tlsConfig: - description: "TLS configuration to use on every scrape request." + description: "TLS configuration applying to the target HTTP endpoint." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -2144,28 +2117,74 @@ spec: type: "string" type: "object" required: - - "role" + - "server" type: "object" type: "array" - honorLabels: - description: "HonorLabels chooses the metric's labels on collisions with target labels." - type: "boolean" - honorTimestamps: - description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." - type: "boolean" - httpSDConfigs: - description: "HTTPSDConfigs defines a list of HTTP service discovery configurations." + fileSDConfigs: + description: "FileSDConfigs defines a list of file service discovery configurations." items: - description: "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config" + description: "FileSDConfig defines a Prometheus file service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config" properties: - authorization: - description: "Authorization header configuration to authenticate against the target HTTP endpoint." - properties: - credentials: - description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." + files: + description: "List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the\nprometheus-operator project makes no guarantees about the working directory where the configuration file is\nstored.\nFiles must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets." + items: + description: "SDFile represents a file used for service discovery" + pattern: "^[^*]*(\\*[^/]*)?\\.(json|yml|yaml|JSON|YML|YAML)$" + type: "string" + minItems: 1 + type: "array" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + required: + - "files" + type: "object" + type: "array" + gceSDConfigs: + description: "GCESDConfigs defines a list of GCE service discovery configurations." + items: + description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." + properties: + filter: + description: "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list" + type: "string" + port: + description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." + type: "integer" + project: + description: "The Google Cloud Project ID" + minLength: 1 + type: "string" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + tagSeparator: + description: "The tag separator is used to separate the tags on concatenation" + type: "string" + zone: + description: "The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs." + minLength: 1 + type: "string" + required: + - "project" + - "zone" + type: "object" + type: "array" + hetznerSDConfigs: + description: "HetznerSDConfigs defines a list of Hetzner service discovery configurations." + items: + description: "HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.\nThis service discovery uses the public IPv4 address by default, but that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config" + properties: + authorization: + description: "Authorization header configuration, required when role is hcloud.\nRole robot does not support bearer token authentication." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" @@ -2183,7 +2202,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "BasicAuth information to use on every scrape request, required when role is robot.\nRole hcloud does not support basic auth." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -2220,9 +2239,95 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects." + type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" + oauth2: + description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `basic_auth` or `authorization`." + properties: + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." + type: "object" + scopes: + description: "`scopes` defines the OAuth2 scopes used for the token request." + items: + type: "string" + type: "array" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 + type: "string" + required: + - "clientId" + - "clientSecret" + - "tokenUrl" + type: "object" + port: + description: "The port to scrape metrics from." + type: "integer" proxyConnectHeader: additionalProperties: items: @@ -2254,11 +2359,19 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list." + description: "The time after which the servers are refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" + role: + description: "The Hetzner role of entities that should be discovered." + enum: + - "hcloud" + - "Hcloud" + - "robot" + - "Robot" + type: "string" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to use on every scrape request." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -2360,40 +2473,23 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - url: - description: "URL from which the targets are fetched." - minLength: 1 - pattern: "^http(s)?://.+$" - type: "string" required: - - "url" + - "role" type: "object" type: "array" - jobName: - description: "The value of the `job` label assigned to the scraped metrics by default.\n\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." - minLength: 1 - type: "string" - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." - format: "int64" - type: "integer" - kubernetesSDConfigs: - description: "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations." + honorLabels: + description: "HonorLabels chooses the metric's labels on collisions with target labels." + type: "boolean" + honorTimestamps: + description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." + type: "boolean" + httpSDConfigs: + description: "HTTPSDConfigs defines a list of HTTP service discovery configurations." items: - description: "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config" + description: "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config" properties: - apiServer: - description: "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." - type: "string" - attachMetadata: - description: "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 for `pod` role and\nPrometheus >= v2.37.0 for `endpoints` and `endpointslice` roles." - properties: - node: - description: "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles." - type: "boolean" - type: "object" authorization: - description: "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`." + description: "Authorization header configuration to authenticate against the target HTTP endpoint." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -2417,7 +2513,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`." + description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -2454,108 +2550,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - enableHTTP2: - description: "Whether to enable HTTP2." - type: "boolean" - followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects." - type: "boolean" - namespaces: - description: "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces." - properties: - names: - description: "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces." - items: - type: "string" - type: "array" - ownNamespace: - description: "Includes the namespace in which the Prometheus pod exists to the list of watched namesapces." - type: "boolean" - type: "object" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" - oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." - properties: - clientId: - description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." - properties: - configMap: - description: "ConfigMap containing data to use for the targets." - properties: - key: - description: "The key to select." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - secret: - description: "Secret containing data to use for the targets." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - clientSecret: - description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - endpointParams: - additionalProperties: - type: "string" - description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." - type: "object" - scopes: - description: "`scopes` defines the OAuth2 scopes used for the token request." - items: - type: "string" - type: "array" - tokenUrl: - description: "`tokenURL` configures the URL to fetch the token from." - minLength: 1 - type: "string" - required: - - "clientId" - - "clientSecret" - - "tokenUrl" - type: "object" - proxyConnectHeader: - additionalProperties: - items: - description: "SecretKeySelector selects a key of a Secret." + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -2582,56 +2583,12 @@ spec: description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." pattern: "^http(s)?://.+$" type: "string" - role: - description: "Role of the Kubernetes entities that should be discovered." - enum: - - "Node" - - "node" - - "Service" - - "service" - - "Pod" - - "pod" - - "Endpoints" - - "endpoints" - - "EndpointSlice" - - "endpointslice" - - "Ingress" - - "ingress" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - selectors: - description: "Selector to select objects." - items: - description: "K8SSelectorConfig is Kubernetes Selector Config" - properties: - field: - type: "string" - label: - type: "string" - role: - description: "Role is role of the service in Kubernetes." - enum: - - "Node" - - "node" - - "Service" - - "service" - - "Pod" - - "pod" - - "Endpoints" - - "endpoints" - - "EndpointSlice" - - "endpointslice" - - "Ingress" - - "ingress" - type: "string" - required: - - "role" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "role" - x-kubernetes-list-type: "map" tlsConfig: - description: "TLS configuration to use on every scrape request." + description: "TLS configuration applying to the target HTTP endpoint." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -2733,17 +2690,40 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" + url: + description: "URL from which the targets are fetched." + minLength: 1 + pattern: "^http(s)?://.+$" + type: "string" required: - - "role" + - "url" type: "object" type: "array" - kumaSDConfigs: - description: "KumaSDConfigs defines a list of Kuma service discovery configurations." + jobName: + description: "The value of the `job` label assigned to the scraped metrics by default.\n\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." + minLength: 1 + type: "string" + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + format: "int64" + type: "integer" + kubernetesSDConfigs: + description: "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations." items: - description: "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config" + description: "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config" properties: + apiServer: + description: "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." + type: "string" + attachMetadata: + description: "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 for `pod` role and\nPrometheus >= v2.37.0 for `endpoints` and `endpointslice` roles." + properties: + node: + description: "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles." + type: "boolean" + type: "object" authorization: - description: "Authorization header to use on every scrape request." + description: "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -2767,7 +2747,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -2804,19 +2784,24 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - clientID: - description: "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend." - type: "string" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" - fetchTimeout: - description: "The time after which the monitoring assignments are refreshed." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" + namespaces: + description: "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces." + properties: + names: + description: "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces." + items: + type: "string" + type: "array" + ownNamespace: + description: "Includes the namespace in which the Prometheus pod exists to the list of watched namesapces." + type: "boolean" + type: "object" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" @@ -2927,16 +2912,56 @@ spec: description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." pattern: "^http(s)?://.+$" type: "string" - refreshInterval: - description: "The time to wait between polling update requests." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - server: - description: "Address of the Kuma Control Plane's MADS xDS server." - minLength: 1 + role: + description: "Role of the Kubernetes entities that should be discovered." + enum: + - "Node" + - "node" + - "Service" + - "service" + - "Pod" + - "pod" + - "Endpoints" + - "endpoints" + - "EndpointSlice" + - "endpointslice" + - "Ingress" + - "ingress" type: "string" + selectors: + description: "Selector to select objects." + items: + description: "K8SSelectorConfig is Kubernetes Selector Config" + properties: + field: + type: "string" + label: + type: "string" + role: + description: "Role is role of the service in Kubernetes." + enum: + - "Node" + - "node" + - "Service" + - "service" + - "Pod" + - "pod" + - "Endpoints" + - "endpoints" + - "EndpointSlice" + - "endpointslice" + - "Ingress" + - "ingress" + type: "string" + required: + - "role" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "role" + x-kubernetes-list-type: "map" tlsConfig: - description: "TLS configuration to use on every scrape request" + description: "TLS configuration to use on every scrape request." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -3039,52 +3064,624 @@ spec: type: "string" type: "object" required: - - "server" + - "role" type: "object" type: "array" - labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - metricRelabelings: - description: "MetricRelabelConfigs to apply to samples before ingestion." + kumaSDConfigs: + description: "KumaSDConfigs defines a list of Kuma service discovery configurations." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config" properties: - action: - default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" - enum: - - "replace" - - "Replace" - - "keep" - - "Keep" - - "drop" - - "Drop" - - "hashmod" - - "HashMod" - - "labelmap" - - "LabelMap" - - "labeldrop" - - "LabelDrop" - - "labelkeep" - - "LabelKeep" - - "lowercase" - - "Lowercase" - - "uppercase" - - "Uppercase" - - "keepequal" - - "KeepEqual" - - "dropequal" - - "DropEqual" + authorization: + description: "Authorization header to use on every scrape request." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + type: "string" + type: "object" + basicAuth: + description: "BasicAuth information to use on every scrape request." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientID: + description: "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend." + type: "string" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" + fetchTimeout: + description: "The time after which the monitoring assignments are refreshed." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects." + type: "boolean" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + type: "string" + oauth2: + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." + properties: + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." + type: "object" + scopes: + description: "`scopes` defines the OAuth2 scopes used for the token request." + items: + type: "string" + type: "array" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 + type: "string" + required: + - "clientId" + - "clientSecret" + - "tokenUrl" + type: "object" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" + type: "string" + refreshInterval: + description: "The time to wait between polling update requests." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + server: + description: "Address of the Kuma Control Plane's MADS xDS server." + minLength: 1 + type: "string" + tlsConfig: + description: "TLS configuration to use on every scrape request" + properties: + ca: + description: "Certificate authority used when verifying server certificates." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + cert: + description: "Client certificate to present when doing client-authentication." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + required: + - "server" + type: "object" + type: "array" + labelLimit: + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + labelNameLengthLimit: + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + labelValueLengthLimit: + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + linodeSDConfigs: + description: "LinodeSDConfigs defines a list of Linode service discovery configurations." + items: + properties: + authorization: + description: "Authorization header configuration." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + type: "string" + type: "object" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects." + type: "boolean" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + type: "string" + oauth2: + description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`." + properties: + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." + type: "object" + scopes: + description: "`scopes` defines the OAuth2 scopes used for the token request." + items: + type: "string" + type: "array" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 + type: "string" + required: + - "clientId" + - "clientSecret" + - "tokenUrl" + type: "object" + port: + description: "Default port to scrape metrics from." + format: "int32" + maximum: 65535.0 + minimum: 0.0 + type: "integer" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" + type: "string" + refreshInterval: + description: "Time after which the linode instances are refreshed." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + region: + description: "Optional region to filter on." + minLength: 1 + type: "string" + tagSeparator: + description: "The string by which Linode Instance tags are joined into the tag label." + minLength: 1 + type: "string" + tlsConfig: + description: "TLS configuration applying to the target HTTP endpoint." + properties: + ca: + description: "Certificate authority used when verifying server certificates." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + cert: + description: "Client certificate to present when doing client-authentication." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + type: "object" + type: "array" + metricRelabelings: + description: "MetricRelabelConfigs to apply to samples before ingestion." + items: + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: "replace" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + enum: + - "replace" + - "Replace" + - "keep" + - "Keep" + - "drop" + - "Drop" + - "hashmod" + - "HashMod" + - "labelmap" + - "LabelMap" + - "labeldrop" + - "LabelDrop" + - "labelkeep" + - "LabelKeep" + - "lowercase" + - "Lowercase" + - "uppercase" + - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" type: "string" modulus: description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." @@ -3141,76 +3738,427 @@ spec: default: "" description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + availability: + description: "Availability of the endpoint to connect to." + enum: + - "Public" + - "public" + - "Admin" + - "admin" + - "Internal" + - "internal" + type: "string" + domainID: + description: "DomainID" + type: "string" + domainName: + description: "At most one of domainId and domainName must be provided if using username\nwith Identity V3. Otherwise, either are optional." + type: "string" + identityEndpoint: + description: "IdentityEndpoint specifies the HTTP endpoint that is required to work with\nthe Identity API of the appropriate version." + type: "string" + password: + description: "Password for the Identity V2 and V3 APIs. Consult with your provider's\ncontrol panel to discover your account's preferred method of authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + port: + description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." + type: "integer" + projectID: + description: " ProjectID" + type: "string" + projectName: + description: "The ProjectId and ProjectName fields are optional for the Identity V2 API.\nSome providers allow you to specify a ProjectName instead of the ProjectId.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication." + type: "string" + refreshInterval: + description: "Refresh interval to re-read the instance list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + region: + description: "The OpenStack Region." + minLength: 1 + type: "string" + role: + description: "The OpenStack role of entities that should be discovered." + enum: + - "Instance" + - "instance" + - "Hypervisor" + - "hypervisor" + type: "string" + tlsConfig: + description: "TLS configuration applying to the target HTTP endpoint." + properties: + ca: + description: "Certificate authority used when verifying server certificates." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + cert: + description: "Client certificate to present when doing client-authentication." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + userid: + description: "UserID" + type: "string" + username: + description: "Username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username.\nIn Identity V3, either userid or a combination of username\nand domainId or domainName are needed" + type: "string" + required: + - "region" + - "role" + type: "object" + type: "array" + params: + additionalProperties: + items: + type: "string" + type: "array" + description: "Optional HTTP URL parameters" + type: "object" + x-kubernetes-map-type: "atomic" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" + type: "string" + puppetDBSDConfigs: + description: "PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations." + items: + properties: + authorization: + description: "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + type: "string" type: "object" - x-kubernetes-map-type: "atomic" - availability: - description: "Availability of the endpoint to connect to." - enum: - - "Public" - - "public" - - "Admin" - - "admin" - - "Internal" - - "internal" - type: "string" - domainID: - description: "DomainID" - type: "string" - domainName: - description: "At most one of domainId and domainName must be provided if using username\nwith Identity V3. Otherwise, either are optional." - type: "string" - identityEndpoint: - description: "IdentityEndpoint specifies the HTTP endpoint that is required to work with\nthe Identity API of the appropriate version." + basicAuth: + description: "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + enableHTTP2: + description: "Configure whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether the HTTP requests should follow HTTP 3xx redirects." + type: "boolean" + includeParameters: + description: "Whether to include the parameters as meta labels.\nNote: Enabling this exposes parameters in the Prometheus UI and API. Make sure\nthat you don't have secrets exposed as parameters if you enable this." + type: "boolean" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." type: "string" - password: - description: "Password for the Identity V2 and V3 APIs. Consult with your provider's\ncontrol panel to discover your account's preferred method of authentication." + oauth2: + description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." + type: "object" + scopes: + description: "`scopes` defines the OAuth2 scopes used for the token request." + items: + type: "string" + type: "array" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" required: - - "key" + - "clientId" + - "clientSecret" + - "tokenUrl" type: "object" - x-kubernetes-map-type: "atomic" port: - description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." + description: "Port to scrape the metrics from." + format: "int32" + maximum: 65535.0 + minimum: 0.0 type: "integer" - projectID: - description: " ProjectID" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" type: "string" - projectName: - description: "The ProjectId and ProjectName fields are optional for the Identity V2 API.\nSome providers allow you to specify a ProjectName instead of the ProjectId.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication." + query: + description: "Puppet Query Language (PQL) query. Only resources are supported.\nhttps://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html" + minLength: 1 type: "string" refreshInterval: - description: "Refresh interval to re-read the instance list." + description: "Refresh interval to re-read the list of resources." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - region: - description: "The OpenStack Region." - minLength: 1 - type: "string" - role: - description: "The OpenStack role of entities that should be discovered." - enum: - - "Instance" - - "instance" - - "Hypervisor" - - "hypervisor" - type: "string" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to connect to the Puppet DB." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -3312,55 +4260,16 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - userid: - description: "UserID" - type: "string" - username: - description: "Username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username.\nIn Identity V3, either userid or a combination of username\nand domainId or domainName are needed" + url: + description: "The URL of the PuppetDB root query endpoint." + minLength: 1 + pattern: "^http(s)?://.+$" type: "string" required: - - "region" - - "role" + - "query" + - "url" type: "object" type: "array" - params: - additionalProperties: - items: - type: "string" - type: "array" - description: "Optional HTTP URL parameters" - type: "object" - x-kubernetes-map-type: "atomic" - proxyConnectHeader: - additionalProperties: - items: - description: "SecretKeySelector selects a key of a Secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." - type: "object" - x-kubernetes-map-type: "atomic" - proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." - type: "boolean" - proxyUrl: - description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." - pattern: "^http(s)?://.+$" - type: "string" relabelings: description: "RelabelConfigs defines how to rewrite the target's labels before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml index c0104e3fd..7646bf274 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml @@ -3574,6 +3574,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3896,6 +3898,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3996,6 +4000,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4116,6 +4122,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4206,7 +4214,7 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" - regular: + postRouting: properties: requestTransforms: items: @@ -4276,6 +4284,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4376,6 +4386,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4496,6 +4508,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4578,143 +4592,525 @@ spec: type: "object" type: "array" type: "object" - type: "object" - transformations: - properties: - clearRouteCache: - type: "boolean" - requestTransformation: + regular: properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: - properties: - text: - type: "string" - type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: properties: - body: - maxProperties: 0 + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: type: "object" - header: + exact: type: "string" - mode: + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: type: "string" - x-kubernetes-int-or-string: true + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" regex: type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + requestTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: properties: - text: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - responseTransformation: - properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" + type: "object" + transformations: + properties: + clearRouteCache: + type: "boolean" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" escapeCharacters: nullable: true type: "boolean" @@ -4878,6 +5274,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5584,325 +5982,713 @@ spec: properties: aws: properties: - invocationStyle: - type: "string" - x-kubernetes-int-or-string: true - logicalName: + invocationStyle: + type: "string" + x-kubernetes-int-or-string: true + logicalName: + type: "string" + requestTransformation: + type: "boolean" + responseTransformation: + type: "boolean" + unwrapAsAlb: + type: "boolean" + unwrapAsApiGateway: + type: "boolean" + wrapAsApiGateway: + type: "boolean" + type: "object" + azure: + properties: + functionName: + type: "string" + type: "object" + grpc: + properties: + function: + type: "string" + package: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + service: + type: "string" + type: "object" + rest: + properties: + functionName: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + responseTransformation: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + type: "object" + type: "object" + kube: + properties: + port: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + ref: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + subset: + properties: + values: + additionalProperties: + type: "string" + type: "object" + type: "object" + upstream: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + options: + properties: + bufferPerRoute: + properties: + buffer: + properties: + maxRequestBytes: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + disabled: + type: "boolean" + type: "object" + csrf: + properties: + additionalOrigins: + items: + properties: + exact: + type: "string" + ignoreCase: + type: "boolean" + prefix: + type: "string" + safeRegex: + properties: + googleRe2: + properties: + maxProgramSize: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + regex: + type: "string" + type: "object" + suffix: + type: "string" + type: "object" + type: "array" + filterEnabled: + properties: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: type: "string" - requestTransformation: - type: "boolean" - responseTransformation: - type: "boolean" - unwrapAsAlb: - type: "boolean" - unwrapAsApiGateway: - type: "boolean" - wrapAsApiGateway: - type: "boolean" type: "object" - azure: + shadowEnabled: properties: - functionName: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: type: "string" type: "object" - grpc: + type: "object" + extauth: + properties: + configRef: properties: - function: - type: "string" - package: + name: type: "string" - parameters: - properties: - headers: - additionalProperties: - type: "string" - type: "object" - path: - nullable: true - type: "string" - type: "object" - service: + namespace: type: "string" type: "object" - rest: + customAuth: properties: - functionName: + contextExtensions: + additionalProperties: + type: "string" + type: "object" + name: type: "string" - parameters: - properties: - headers: - additionalProperties: + type: "object" + disable: + type: "boolean" + type: "object" + extensions: + properties: + configs: + additionalProperties: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + headerManipulation: + properties: + requestHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: type: "string" - type: "object" - path: - nullable: true - type: "string" - type: "object" - responseTransformation: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: + value: + type: "string" + type: "object" + headerSecretRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + type: "array" + requestHeadersToRemove: + items: + type: "string" + type: "array" + responseHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: + type: "string" + value: + type: "string" + type: "object" + type: "object" + type: "array" + responseHeadersToRemove: + items: + type: "string" + type: "array" + type: "object" + stagedTransformations: + properties: + early: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: properties: - key: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: type: "string" - metadataNamespace: + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: type: "string" - value: + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - escapeCharacters: - type: "boolean" - extractors: - additionalProperties: + responseTransformation: properties: - body: - maxProperties: 0 + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" type: "object" - header: - type: "string" - mode: - type: "string" - x-kubernetes-int-or-string: true - regex: - type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - type: "object" - type: "object" - kube: - properties: - port: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - ref: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - subset: - properties: - values: - additionalProperties: - type: "string" - type: "object" - type: "object" - upstream: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - options: - properties: - bufferPerRoute: - properties: - buffer: - properties: - maxRequestBytes: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - disabled: - type: "boolean" - type: "object" - csrf: - properties: - additionalOrigins: - items: - properties: - exact: - type: "string" - ignoreCase: - type: "boolean" - prefix: - type: "string" - safeRegex: - properties: - googleRe2: - properties: - maxProgramSize: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - regex: - type: "string" type: "object" - suffix: - type: "string" - type: "object" - type: "array" - filterEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - shadowEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - type: "object" - extauth: - properties: - configRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - customAuth: - properties: - contextExtensions: - additionalProperties: - type: "string" - type: "object" - name: - type: "string" + type: "array" type: "object" - disable: + escapeCharacters: + nullable: true type: "boolean" - type: "object" - extensions: - properties: - configs: - additionalProperties: - type: "object" - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "object" - headerManipulation: - properties: - requestHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - headerSecretRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - type: "array" - requestHeadersToRemove: - items: - type: "string" - type: "array" - responseHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - type: "object" - type: "array" - responseHeadersToRemove: - items: - type: "string" - type: "array" - type: "object" - stagedTransformations: - properties: - early: + inheritTransformation: + type: "boolean" + logRequestResponseInfo: + nullable: true + type: "boolean" + postRouting: properties: requestTransforms: items: @@ -5972,6 +6758,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6072,6 +6860,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6192,6 +6982,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6274,14 +7066,6 @@ spec: type: "object" type: "array" type: "object" - escapeCharacters: - nullable: true - type: "boolean" - inheritTransformation: - type: "boolean" - logRequestResponseInfo: - nullable: true - type: "boolean" regular: properties: requestTransforms: @@ -6352,6 +7136,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6452,6 +7238,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6572,6 +7360,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6680,6 +7470,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6780,6 +7572,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6954,6 +7748,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index 74446e309..7a8153e94 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -1205,6 +1205,14 @@ spec: type: "integer" perTryTimeout: type: "string" + previousPriorities: + properties: + updateFrequency: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" retryBackOff: properties: baseInterval: @@ -1299,6 +1307,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1399,6 +1409,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1519,6 +1531,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1609,6 +1623,384 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" + postRouting: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: + properties: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: + type: "string" + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: + type: "string" + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" regular: properties: requestTransforms: @@ -1679,6 +2071,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1779,6 +2173,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1899,6 +2295,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2029,6 +2427,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2129,6 +2529,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2283,18 +2685,20 @@ spec: type: "array" type: "object" type: "object" - targetRef: - properties: - group: - type: "string" - kind: - type: "string" - name: - type: "string" - namespace: - nullable: true - type: "string" - type: "object" + targetRefs: + items: + properties: + group: + type: "string" + kind: + type: "string" + name: + type: "string" + namespace: + nullable: true + type: "string" + type: "object" + type: "array" type: "object" status: default: {} diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index 9439b15f0..8d3b47361 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -1315,6 +1315,14 @@ spec: type: "integer" perTryTimeout: type: "string" + previousPriorities: + properties: + updateFrequency: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" retryBackOff: properties: baseInterval: @@ -1409,6 +1417,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1509,6 +1519,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1629,6 +1641,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1719,7 +1733,7 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" - regular: + postRouting: properties: requestTransforms: items: @@ -1789,6 +1803,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1889,6 +1905,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2009,6 +2027,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2091,713 +2111,1483 @@ spec: type: "object" type: "array" type: "object" - type: "object" - timeout: - type: "string" - tracing: - properties: - propagate: - nullable: true - type: "boolean" - routeDescriptor: - type: "string" - tracePercentages: - properties: - clientSamplePercentage: - nullable: true - type: "number" - overallSamplePercentage: - nullable: true - type: "number" - randomSamplePercentage: - nullable: true - type: "number" - type: "object" - type: "object" - transformations: - properties: - clearRouteCache: - type: "boolean" - requestTransformation: + regular: properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: - properties: - text: - type: "string" - type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: properties: - body: - maxProperties: 0 + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: type: "object" - header: + exact: type: "string" - mode: + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: type: "string" - x-kubernetes-int-or-string: true + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" regex: type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + requestTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: properties: - text: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - responseTransformation: - properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: + responseTransformation: properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: + headerBodyTransform: properties: - text: - type: "string" + addRequestMetadata: + type: "boolean" type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: - properties: - body: - maxProperties: 0 + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - header: - type: "string" - mode: - type: "string" - x-kubernetes-int-or-string: true - regex: - type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" - type: "object" - type: "object" - headersToAppend: - items: - properties: - key: - type: "string" - value: + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - type: "object" - upgrades: - items: - properties: - connect: - properties: - enabled: - nullable: true - type: "boolean" - type: "object" - websocket: - properties: - enabled: - nullable: true - type: "boolean" - type: "object" - type: "object" - type: "array" - waf: - properties: - auditLogging: - properties: - action: - type: "string" - x-kubernetes-int-or-string: true - location: - type: "string" - x-kubernetes-int-or-string: true - type: "object" - configMapRuleSets: - items: - properties: - configMapRef: + type: "object" + type: "array" + responseTransforms: + items: properties: - name: - type: "string" - namespace: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: type: "string" - type: "object" - dataMapKeys: - items: - type: "string" - type: "array" - type: "object" - type: "array" - coreRuleSet: - properties: - customSettingsFile: - type: "string" - customSettingsString: - type: "string" - type: "object" - customInterventionMessage: - type: "string" - disabled: - type: "boolean" - requestHeadersOnly: - type: "boolean" - responseHeadersOnly: - type: "boolean" - ruleSets: - items: - properties: - directory: - type: "string" - files: - items: - type: "string" - type: "array" - ruleStr: - type: "string" - type: "object" - type: "array" - type: "object" - type: "object" - optionsConfigRefs: - properties: - delegateOptions: - items: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "array" - type: "object" - redirectAction: - properties: - hostRedirect: - type: "string" - httpsRedirect: - type: "boolean" - pathRedirect: - type: "string" - portRedirect: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - prefixRewrite: - type: "string" - regexRewrite: - properties: - pattern: - properties: - googleRe2: - properties: - maxProgramSize: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - regex: - type: "string" - type: "object" - substitution: - type: "string" - type: "object" - responseCode: - type: "string" - x-kubernetes-int-or-string: true - stripQuery: - type: "boolean" - type: "object" - routeAction: - properties: - clusterHeader: - type: "string" - dynamicForwardProxy: - properties: - autoHostRewriteHeader: - type: "string" - hostRewrite: - type: "string" - type: "object" - multi: - properties: - destinations: - items: - properties: - destination: - properties: - consul: - properties: - dataCenters: - items: - type: "string" - type: "array" - serviceName: - type: "string" - tags: - items: - type: "string" - type: "array" - type: "object" - destinationSpec: + responseTransformation: properties: - aws: + headerBodyTransform: properties: - invocationStyle: - type: "string" - x-kubernetes-int-or-string: true - logicalName: - type: "string" - requestTransformation: - type: "boolean" - responseTransformation: - type: "boolean" - unwrapAsAlb: - type: "boolean" - unwrapAsApiGateway: - type: "boolean" - wrapAsApiGateway: + addRequestMetadata: type: "boolean" type: "object" - azure: - properties: - functionName: - type: "string" - type: "object" - grpc: + logRequestResponseInfo: + type: "boolean" + transformationTemplate: properties: - function: - type: "string" - package: - type: "string" - parameters: + advancedTemplates: + type: "boolean" + body: properties: - headers: - additionalProperties: - type: "string" - type: "object" - path: - nullable: true + text: type: "string" type: "object" - service: - type: "string" - type: "object" - rest: - properties: - functionName: - type: "string" - parameters: - properties: - headers: - additionalProperties: + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: type: "string" - type: "object" - path: - nullable: true - type: "string" - type: "object" - responseTransformation: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: + metadataNamespace: + type: "string" + value: properties: - key: - type: "string" - metadataNamespace: + text: type: "string" - value: - properties: - text: - type: "string" - type: "object" type: "object" - type: "array" - escapeCharacters: - type: "boolean" - extractors: - additionalProperties: + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: properties: - body: - maxProperties: 0 + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" + type: "object" + timeout: + type: "string" + tracing: + properties: + propagate: + nullable: true + type: "boolean" + routeDescriptor: + type: "string" + tracePercentages: + properties: + clientSamplePercentage: + nullable: true + type: "number" + overallSamplePercentage: + nullable: true + type: "number" + randomSamplePercentage: + nullable: true + type: "number" + type: "object" + type: "object" + transformations: + properties: + clearRouteCache: + type: "boolean" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + upgrades: + items: + properties: + connect: + properties: + enabled: + nullable: true + type: "boolean" + type: "object" + websocket: + properties: + enabled: + nullable: true + type: "boolean" + type: "object" + type: "object" + type: "array" + waf: + properties: + auditLogging: + properties: + action: + type: "string" + x-kubernetes-int-or-string: true + location: + type: "string" + x-kubernetes-int-or-string: true + type: "object" + configMapRuleSets: + items: + properties: + configMapRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + dataMapKeys: + items: + type: "string" + type: "array" + type: "object" + type: "array" + coreRuleSet: + properties: + customSettingsFile: + type: "string" + customSettingsString: + type: "string" + type: "object" + customInterventionMessage: + type: "string" + disabled: + type: "boolean" + requestHeadersOnly: + type: "boolean" + responseHeadersOnly: + type: "boolean" + ruleSets: + items: + properties: + directory: + type: "string" + files: + items: + type: "string" + type: "array" + ruleStr: + type: "string" + type: "object" + type: "array" + type: "object" + type: "object" + optionsConfigRefs: + properties: + delegateOptions: + items: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "array" + type: "object" + redirectAction: + properties: + hostRedirect: + type: "string" + httpsRedirect: + type: "boolean" + pathRedirect: + type: "string" + portRedirect: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + prefixRewrite: + type: "string" + regexRewrite: + properties: + pattern: + properties: + googleRe2: + properties: + maxProgramSize: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + regex: + type: "string" + type: "object" + substitution: + type: "string" + type: "object" + responseCode: + type: "string" + x-kubernetes-int-or-string: true + stripQuery: + type: "boolean" + type: "object" + routeAction: + properties: + clusterHeader: + type: "string" + dynamicForwardProxy: + properties: + autoHostRewriteHeader: + type: "string" + hostRewrite: + type: "string" + type: "object" + multi: + properties: + destinations: + items: + properties: + destination: + properties: + consul: + properties: + dataCenters: + items: + type: "string" + type: "array" + serviceName: + type: "string" + tags: + items: + type: "string" + type: "array" + type: "object" + destinationSpec: + properties: + aws: + properties: + invocationStyle: + type: "string" + x-kubernetes-int-or-string: true + logicalName: + type: "string" + requestTransformation: + type: "boolean" + responseTransformation: + type: "boolean" + unwrapAsAlb: + type: "boolean" + unwrapAsApiGateway: + type: "boolean" + wrapAsApiGateway: + type: "boolean" + type: "object" + azure: + properties: + functionName: + type: "string" + type: "object" + grpc: + properties: + function: + type: "string" + package: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + service: + type: "string" + type: "object" + rest: + properties: + functionName: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + responseTransformation: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + type: "object" + type: "object" + kube: + properties: + port: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + ref: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + subset: + properties: + values: + additionalProperties: + type: "string" + type: "object" + type: "object" + upstream: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + options: + properties: + bufferPerRoute: + properties: + buffer: + properties: + maxRequestBytes: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + disabled: + type: "boolean" + type: "object" + csrf: + properties: + additionalOrigins: + items: + properties: + exact: + type: "string" + ignoreCase: + type: "boolean" + prefix: + type: "string" + safeRegex: + properties: + googleRe2: + properties: + maxProgramSize: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + regex: + type: "string" + type: "object" + suffix: + type: "string" + type: "object" + type: "array" + filterEnabled: + properties: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: + type: "string" + type: "object" + shadowEnabled: + properties: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: + type: "string" + type: "object" + type: "object" + extauth: + properties: + configRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + customAuth: + properties: + contextExtensions: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + type: "object" + disable: + type: "boolean" + type: "object" + extensions: + properties: + configs: + additionalProperties: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + headerManipulation: + properties: + requestHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: + type: "string" + value: + type: "string" + type: "object" + headerSecretRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + type: "array" + requestHeadersToRemove: + items: + type: "string" + type: "array" + responseHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: + type: "string" + value: + type: "string" + type: "object" + type: "object" + type: "array" + responseHeadersToRemove: + items: + type: "string" + type: "array" + type: "object" + stagedTransformations: + properties: + early: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: + properties: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: + type: "string" + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: + type: "string" + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - header: - type: "string" - mode: - type: "string" - x-kubernetes-int-or-string: true - regex: - type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" - type: "object" - type: "object" - headersToAppend: - items: - properties: - key: - type: "string" - value: + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - type: "object" - type: "object" - kube: - properties: - port: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - ref: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - subset: - properties: - values: - additionalProperties: - type: "string" - type: "object" - type: "object" - upstream: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - options: - properties: - bufferPerRoute: - properties: - buffer: - properties: - maxRequestBytes: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - disabled: - type: "boolean" - type: "object" - csrf: - properties: - additionalOrigins: - items: - properties: - exact: - type: "string" - ignoreCase: - type: "boolean" - prefix: - type: "string" - safeRegex: - properties: - googleRe2: - properties: - maxProgramSize: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - regex: - type: "string" type: "object" - suffix: - type: "string" - type: "object" - type: "array" - filterEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - shadowEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - type: "object" - extauth: - properties: - configRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - customAuth: - properties: - contextExtensions: - additionalProperties: - type: "string" - type: "object" - name: - type: "string" + type: "array" type: "object" - disable: + escapeCharacters: + nullable: true type: "boolean" - type: "object" - extensions: - properties: - configs: - additionalProperties: - type: "object" - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "object" - headerManipulation: - properties: - requestHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - headerSecretRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - type: "array" - requestHeadersToRemove: - items: - type: "string" - type: "array" - responseHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - type: "object" - type: "array" - responseHeadersToRemove: - items: - type: "string" - type: "array" - type: "object" - stagedTransformations: - properties: - early: + inheritTransformation: + type: "boolean" + logRequestResponseInfo: + nullable: true + type: "boolean" + postRouting: properties: requestTransforms: items: @@ -2867,6 +3657,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2967,6 +3759,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3087,6 +3881,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3169,14 +3965,6 @@ spec: type: "object" type: "array" type: "object" - escapeCharacters: - nullable: true - type: "boolean" - inheritTransformation: - type: "boolean" - logRequestResponseInfo: - nullable: true - type: "boolean" regular: properties: requestTransforms: @@ -3247,6 +4035,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3347,6 +4137,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3467,6 +4259,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3575,6 +4369,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3675,6 +4471,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3849,6 +4647,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml index e37d69543..eee022e44 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml @@ -1316,6 +1316,14 @@ spec: type: "integer" perTryTimeout: type: "string" + previousPriorities: + properties: + updateFrequency: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" retryBackOff: properties: baseInterval: @@ -1398,6 +1406,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1498,6 +1508,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1618,6 +1630,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1708,6 +1722,384 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" + postRouting: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: + properties: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: + type: "string" + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: + type: "string" + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" regular: properties: requestTransforms: @@ -1778,6 +2170,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1878,6 +2272,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1998,6 +2394,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2120,6 +2518,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2220,6 +2620,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2357,21 +2759,23 @@ spec: type: "array" type: "object" type: "object" - targetRef: - properties: - group: - type: "string" - kind: - type: "string" - name: - type: "string" - namespace: - nullable: true - type: "string" - sectionName: - nullable: true - type: "string" - type: "object" + targetRefs: + items: + properties: + group: + type: "string" + kind: + type: "string" + name: + type: "string" + namespace: + nullable: true + type: "string" + sectionName: + nullable: true + type: "string" + type: "object" + type: "array" type: "object" status: default: {} diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 42fbfc3ea..3dd7efc5b 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -1406,6 +1406,14 @@ spec: type: "integer" perTryTimeout: type: "string" + previousPriorities: + properties: + updateFrequency: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" retryBackOff: properties: baseInterval: @@ -1488,6 +1496,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1588,6 +1598,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1708,6 +1720,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1798,7 +1812,7 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" - regular: + postRouting: properties: requestTransforms: items: @@ -1868,6 +1882,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1968,6 +1984,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2088,6 +2106,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2170,126 +2190,404 @@ spec: type: "object" type: "array" type: "object" - type: "object" - stats: - properties: - virtualClusters: - items: - properties: - method: - type: "string" - name: - type: "string" - pattern: - type: "string" - type: "object" - type: "array" - type: "object" - transformations: - properties: - clearRouteCache: - type: "boolean" - requestTransformation: + regular: properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: - properties: - text: - type: "string" - type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: properties: - body: - maxProperties: 0 + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: type: "object" - header: + exact: type: "string" - mode: + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: type: "string" - x-kubernetes-int-or-string: true + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" regex: type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + requestTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: properties: - text: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - responseTransformation: + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" + type: "object" + stats: + properties: + virtualClusters: + items: + properties: + method: + type: "string" + name: + type: "string" + pattern: + type: "string" + type: "object" + type: "array" + type: "object" + transformations: + properties: + clearRouteCache: + type: "boolean" + requestTransformation: properties: headerBodyTransform: properties: @@ -2310,6 +2608,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -2389,15 +2689,117 @@ spec: type: "string" type: "object" type: "object" - type: "object" - waf: - properties: - auditLogging: + responseTransformation: properties: - action: - type: "string" - x-kubernetes-int-or-string: true - location: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + waf: + properties: + auditLogging: + properties: + action: + type: "string" + x-kubernetes-int-or-string: true + location: type: "string" x-kubernetes-int-or-string: true type: "object" @@ -3746,6 +4148,14 @@ spec: type: "integer" perTryTimeout: type: "string" + previousPriorities: + properties: + updateFrequency: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" retryBackOff: properties: baseInterval: @@ -3840,6 +4250,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -3940,6 +4352,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4060,6 +4474,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4150,7 +4566,7 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" - regular: + postRouting: properties: requestTransforms: items: @@ -4220,6 +4636,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4320,6 +4738,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4440,6 +4860,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -4522,713 +4944,1483 @@ spec: type: "object" type: "array" type: "object" - type: "object" - timeout: - type: "string" - tracing: - properties: - propagate: - nullable: true - type: "boolean" - routeDescriptor: - type: "string" - tracePercentages: - properties: - clientSamplePercentage: - nullable: true - type: "number" - overallSamplePercentage: - nullable: true - type: "number" - randomSamplePercentage: - nullable: true - type: "number" - type: "object" - type: "object" - transformations: - properties: - clearRouteCache: - type: "boolean" - requestTransformation: + regular: properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: - properties: - text: - type: "string" - type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: properties: - body: - maxProperties: 0 + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: type: "object" - header: + exact: type: "string" - mode: + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: type: "string" - x-kubernetes-int-or-string: true + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" regex: type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + requestTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: properties: - text: - type: "string" + addRequestMetadata: + type: "boolean" type: "object" - type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - responseTransformation: - properties: - headerBodyTransform: - properties: - addRequestMetadata: - type: "boolean" - type: "object" - logRequestResponseInfo: - type: "boolean" - transformationTemplate: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: - properties: - key: - type: "string" - metadataNamespace: - type: "string" - value: + logRequestResponseInfo: + type: "boolean" + transformationTemplate: properties: - text: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - type: "object" - type: "array" - escapeCharacters: - nullable: true - type: "boolean" - extractors: - additionalProperties: - properties: - body: - maxProperties: 0 + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" type: "object" - header: - type: "string" - mode: - type: "string" - x-kubernetes-int-or-string: true - regex: - type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" type: "object" - type: "object" - headersToAppend: - items: + responseTransformation: properties: - key: - type: "string" - value: + headerBodyTransform: properties: - text: - type: "string" + addRequestMetadata: + type: "boolean" type: "object" - type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - xsltTransformation: - properties: - nonXmlTransform: - type: "boolean" - setContentType: - type: "string" - xslt: - type: "string" - type: "object" - type: "object" - type: "object" - upgrades: - items: - properties: - connect: - properties: - enabled: - nullable: true - type: "boolean" - type: "object" - websocket: - properties: - enabled: - nullable: true - type: "boolean" - type: "object" - type: "object" - type: "array" - waf: - properties: - auditLogging: - properties: - action: - type: "string" - x-kubernetes-int-or-string: true - location: - type: "string" - x-kubernetes-int-or-string: true - type: "object" - configMapRuleSets: - items: - properties: - configMapRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - dataMapKeys: - items: - type: "string" - type: "array" - type: "object" - type: "array" - coreRuleSet: - properties: - customSettingsFile: - type: "string" - customSettingsString: - type: "string" - type: "object" - customInterventionMessage: - type: "string" - disabled: - type: "boolean" - requestHeadersOnly: - type: "boolean" - responseHeadersOnly: - type: "boolean" - ruleSets: - items: - properties: - directory: - type: "string" - files: - items: - type: "string" - type: "array" - ruleStr: - type: "string" - type: "object" - type: "array" - type: "object" - type: "object" - optionsConfigRefs: - properties: - delegateOptions: - items: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "array" - type: "object" - redirectAction: - properties: - hostRedirect: - type: "string" - httpsRedirect: - type: "boolean" - pathRedirect: - type: "string" - portRedirect: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - prefixRewrite: - type: "string" - regexRewrite: - properties: - pattern: - properties: - googleRe2: - properties: - maxProgramSize: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - regex: - type: "string" - type: "object" - substitution: - type: "string" - type: "object" - responseCode: - type: "string" - x-kubernetes-int-or-string: true - stripQuery: - type: "boolean" - type: "object" - routeAction: - properties: - clusterHeader: - type: "string" - dynamicForwardProxy: - properties: - autoHostRewriteHeader: - type: "string" - hostRewrite: - type: "string" - type: "object" - multi: - properties: - destinations: - items: - properties: - destination: - properties: - consul: - properties: - dataCenters: - items: - type: "string" - type: "array" - serviceName: - type: "string" - tags: - items: - type: "string" - type: "array" - type: "object" - destinationSpec: - properties: - aws: + logRequestResponseInfo: + type: "boolean" + transformationTemplate: properties: - invocationStyle: - type: "string" - x-kubernetes-int-or-string: true - logicalName: - type: "string" - requestTransformation: - type: "boolean" - responseTransformation: - type: "boolean" - unwrapAsAlb: + advancedTemplates: type: "boolean" - unwrapAsApiGateway: + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true type: "boolean" - wrapAsApiGateway: + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: type: "boolean" - type: "object" - azure: - properties: - functionName: + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - grpc: + xsltTransformation: properties: - function: - type: "string" - package: + nonXmlTransform: + type: "boolean" + setContentType: type: "string" - parameters: - properties: - headers: - additionalProperties: - type: "string" - type: "object" - path: - nullable: true - type: "string" - type: "object" - service: + xslt: type: "string" type: "object" - rest: + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: properties: - functionName: - type: "string" - parameters: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: properties: - headers: - additionalProperties: - type: "string" - type: "object" - path: - nullable: true + text: type: "string" type: "object" - responseTransformation: - properties: - advancedTemplates: - type: "boolean" - body: - properties: - text: - type: "string" - type: "object" - dynamicMetadataValues: - items: + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: properties: - key: - type: "string" - metadataNamespace: + text: type: "string" - value: - properties: - text: - type: "string" - type: "object" type: "object" - type: "array" - escapeCharacters: - type: "boolean" - extractors: - additionalProperties: + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: properties: - body: - maxProperties: 0 + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" + type: "object" + timeout: + type: "string" + tracing: + properties: + propagate: + nullable: true + type: "boolean" + routeDescriptor: + type: "string" + tracePercentages: + properties: + clientSamplePercentage: + nullable: true + type: "number" + overallSamplePercentage: + nullable: true + type: "number" + randomSamplePercentage: + nullable: true + type: "number" + type: "object" + type: "object" + transformations: + properties: + clearRouteCache: + type: "boolean" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + upgrades: + items: + properties: + connect: + properties: + enabled: + nullable: true + type: "boolean" + type: "object" + websocket: + properties: + enabled: + nullable: true + type: "boolean" + type: "object" + type: "object" + type: "array" + waf: + properties: + auditLogging: + properties: + action: + type: "string" + x-kubernetes-int-or-string: true + location: + type: "string" + x-kubernetes-int-or-string: true + type: "object" + configMapRuleSets: + items: + properties: + configMapRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + dataMapKeys: + items: + type: "string" + type: "array" + type: "object" + type: "array" + coreRuleSet: + properties: + customSettingsFile: + type: "string" + customSettingsString: + type: "string" + type: "object" + customInterventionMessage: + type: "string" + disabled: + type: "boolean" + requestHeadersOnly: + type: "boolean" + responseHeadersOnly: + type: "boolean" + ruleSets: + items: + properties: + directory: + type: "string" + files: + items: + type: "string" + type: "array" + ruleStr: + type: "string" + type: "object" + type: "array" + type: "object" + type: "object" + optionsConfigRefs: + properties: + delegateOptions: + items: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "array" + type: "object" + redirectAction: + properties: + hostRedirect: + type: "string" + httpsRedirect: + type: "boolean" + pathRedirect: + type: "string" + portRedirect: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + prefixRewrite: + type: "string" + regexRewrite: + properties: + pattern: + properties: + googleRe2: + properties: + maxProgramSize: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + regex: + type: "string" + type: "object" + substitution: + type: "string" + type: "object" + responseCode: + type: "string" + x-kubernetes-int-or-string: true + stripQuery: + type: "boolean" + type: "object" + routeAction: + properties: + clusterHeader: + type: "string" + dynamicForwardProxy: + properties: + autoHostRewriteHeader: + type: "string" + hostRewrite: + type: "string" + type: "object" + multi: + properties: + destinations: + items: + properties: + destination: + properties: + consul: + properties: + dataCenters: + items: + type: "string" + type: "array" + serviceName: + type: "string" + tags: + items: + type: "string" + type: "array" + type: "object" + destinationSpec: + properties: + aws: + properties: + invocationStyle: + type: "string" + x-kubernetes-int-or-string: true + logicalName: + type: "string" + requestTransformation: + type: "boolean" + responseTransformation: + type: "boolean" + unwrapAsAlb: + type: "boolean" + unwrapAsApiGateway: + type: "boolean" + wrapAsApiGateway: + type: "boolean" + type: "object" + azure: + properties: + functionName: + type: "string" + type: "object" + grpc: + properties: + function: + type: "string" + package: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + service: + type: "string" + type: "object" + rest: + properties: + functionName: + type: "string" + parameters: + properties: + headers: + additionalProperties: + type: "string" + type: "object" + path: + nullable: true + type: "string" + type: "object" + responseTransformation: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + type: "object" + type: "object" + kube: + properties: + port: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + ref: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + subset: + properties: + values: + additionalProperties: + type: "string" + type: "object" + type: "object" + upstream: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + options: + properties: + bufferPerRoute: + properties: + buffer: + properties: + maxRequestBytes: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + disabled: + type: "boolean" + type: "object" + csrf: + properties: + additionalOrigins: + items: + properties: + exact: + type: "string" + ignoreCase: + type: "boolean" + prefix: + type: "string" + safeRegex: + properties: + googleRe2: + properties: + maxProgramSize: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + type: "object" + regex: + type: "string" + type: "object" + suffix: + type: "string" + type: "object" + type: "array" + filterEnabled: + properties: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: + type: "string" + type: "object" + shadowEnabled: + properties: + defaultValue: + properties: + denominator: + type: "string" + x-kubernetes-int-or-string: true + numerator: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + runtimeKey: + type: "string" + type: "object" + type: "object" + extauth: + properties: + configRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + customAuth: + properties: + contextExtensions: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + type: "object" + disable: + type: "boolean" + type: "object" + extensions: + properties: + configs: + additionalProperties: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + headerManipulation: + properties: + requestHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: + type: "string" + value: + type: "string" + type: "object" + headerSecretRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + type: "object" + type: "array" + requestHeadersToRemove: + items: + type: "string" + type: "array" + responseHeadersToAdd: + items: + properties: + append: + nullable: true + type: "boolean" + header: + properties: + key: + type: "string" + value: + type: "string" + type: "object" + type: "object" + type: "array" + responseHeadersToRemove: + items: + type: "string" + type: "array" + type: "object" + stagedTransformations: + properties: + early: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: + properties: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: + type: "string" + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: + type: "string" + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" type: "object" - header: - type: "string" - mode: - type: "string" - x-kubernetes-int-or-string: true - regex: - type: "string" - replacementText: - nullable: true - type: "string" - subgroup: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - type: "object" - headers: - additionalProperties: - properties: - text: - type: "string" - type: "object" - type: "object" - headersToAppend: - items: - properties: - key: - type: "string" - value: + xsltTransformation: properties: - text: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: type: "string" type: "object" type: "object" - type: "array" - headersToRemove: - items: - type: "string" - type: "array" - ignoreErrorOnParse: - type: "boolean" - mergeExtractorsToBody: - type: "object" - parseBodyBehavior: - type: "string" - x-kubernetes-int-or-string: true - passthrough: - type: "object" - type: "object" - type: "object" - type: "object" - kube: - properties: - port: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - ref: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - subset: - properties: - values: - additionalProperties: - type: "string" - type: "object" - type: "object" - upstream: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - options: - properties: - bufferPerRoute: - properties: - buffer: - properties: - maxRequestBytes: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - disabled: - type: "boolean" - type: "object" - csrf: - properties: - additionalOrigins: - items: - properties: - exact: - type: "string" - ignoreCase: - type: "boolean" - prefix: - type: "string" - safeRegex: - properties: - googleRe2: - properties: - maxProgramSize: - maximum: 4294967295.0 - minimum: 0.0 - nullable: true - type: "integer" - type: "object" - regex: - type: "string" type: "object" - suffix: - type: "string" - type: "object" - type: "array" - filterEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - shadowEnabled: - properties: - defaultValue: - properties: - denominator: - type: "string" - x-kubernetes-int-or-string: true - numerator: - maximum: 4294967295.0 - minimum: 0.0 - type: "integer" - type: "object" - runtimeKey: - type: "string" - type: "object" - type: "object" - extauth: - properties: - configRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - customAuth: - properties: - contextExtensions: - additionalProperties: - type: "string" - type: "object" - name: - type: "string" + type: "array" type: "object" - disable: + escapeCharacters: + nullable: true type: "boolean" - type: "object" - extensions: - properties: - configs: - additionalProperties: - type: "object" - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "object" - headerManipulation: - properties: - requestHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - headerSecretRef: - properties: - name: - type: "string" - namespace: - type: "string" - type: "object" - type: "object" - type: "array" - requestHeadersToRemove: - items: - type: "string" - type: "array" - responseHeadersToAdd: - items: - properties: - append: - nullable: true - type: "boolean" - header: - properties: - key: - type: "string" - value: - type: "string" - type: "object" - type: "object" - type: "array" - responseHeadersToRemove: - items: - type: "string" - type: "array" - type: "object" - stagedTransformations: - properties: - early: + inheritTransformation: + type: "boolean" + logRequestResponseInfo: + nullable: true + type: "boolean" + postRouting: properties: requestTransforms: items: @@ -5298,6 +6490,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5398,6 +6592,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5518,6 +6714,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5600,14 +6798,6 @@ spec: type: "object" type: "array" type: "object" - escapeCharacters: - nullable: true - type: "boolean" - inheritTransformation: - type: "boolean" - logRequestResponseInfo: - nullable: true - type: "boolean" regular: properties: requestTransforms: @@ -5678,6 +6868,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5778,6 +6970,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -5898,6 +7092,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6006,6 +7202,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6106,6 +7304,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -6280,6 +7480,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml index d2da23b34..e5c3daa6c 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml @@ -639,6 +639,9 @@ spec: enableAutoMtls: nullable: true type: "boolean" + enableIntegration: + nullable: true + type: "boolean" type: "object" logTransformationRequestResponseInfo: nullable: true diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml index d508bed6d..54e8febde 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml @@ -108,6 +108,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -430,6 +432,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -530,6 +534,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -650,6 +656,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -740,6 +748,384 @@ spec: logRequestResponseInfo: nullable: true type: "boolean" + postRouting: + properties: + requestTransforms: + items: + properties: + clearRouteCache: + type: "boolean" + matcher: + properties: + caseSensitive: + nullable: true + type: "boolean" + connectMatcher: + type: "object" + exact: + type: "string" + headers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + methods: + items: + type: "string" + type: "array" + prefix: + type: "string" + queryParameters: + items: + properties: + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + regex: + type: "string" + type: "object" + requestTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + responseTransforms: + items: + properties: + matchers: + items: + properties: + invertMatch: + type: "boolean" + name: + type: "string" + regex: + type: "boolean" + value: + type: "string" + type: "object" + type: "array" + responseCodeDetails: + type: "string" + responseTransformation: + properties: + headerBodyTransform: + properties: + addRequestMetadata: + type: "boolean" + type: "object" + logRequestResponseInfo: + type: "boolean" + transformationTemplate: + properties: + advancedTemplates: + type: "boolean" + body: + properties: + text: + type: "string" + type: "object" + dynamicMetadataValues: + items: + properties: + jsonToProto: + type: "boolean" + key: + type: "string" + metadataNamespace: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + escapeCharacters: + nullable: true + type: "boolean" + extractors: + additionalProperties: + properties: + body: + maxProperties: 0 + type: "object" + header: + type: "string" + mode: + type: "string" + x-kubernetes-int-or-string: true + regex: + type: "string" + replacementText: + nullable: true + type: "string" + subgroup: + maximum: 4294967295.0 + minimum: 0.0 + type: "integer" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + text: + type: "string" + type: "object" + type: "object" + headersToAppend: + items: + properties: + key: + type: "string" + value: + properties: + text: + type: "string" + type: "object" + type: "object" + type: "array" + headersToRemove: + items: + type: "string" + type: "array" + ignoreErrorOnParse: + type: "boolean" + mergeExtractorsToBody: + type: "object" + parseBodyBehavior: + type: "string" + x-kubernetes-int-or-string: true + passthrough: + type: "object" + type: "object" + xsltTransformation: + properties: + nonXmlTransform: + type: "boolean" + setContentType: + type: "string" + xslt: + type: "string" + type: "object" + type: "object" + type: "object" + type: "array" + type: "object" regular: properties: requestTransforms: @@ -810,6 +1196,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -910,6 +1298,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1030,6 +1420,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1138,6 +1530,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1238,6 +1632,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml index 6ca31364f..b95febd70 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml @@ -322,6 +322,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -453,6 +455,11 @@ spec: minimum: 0.0 nullable: true type: "integer" + metadata: + additionalProperties: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" port: maximum: 4294967295.0 minimum: 0.0 @@ -952,6 +959,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1299,6 +1308,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: @@ -1483,6 +1494,11 @@ spec: minimum: 0.0 nullable: true type: "integer" + metadata: + additionalProperties: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" port: maximum: 4294967295.0 minimum: 0.0 @@ -1589,6 +1605,8 @@ spec: dynamicMetadataValues: items: properties: + jsonToProto: + type: "boolean" key: type: "string" metadataNamespace: diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml index daa8669d6..bc9eaca8a 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml @@ -71,38 +71,49 @@ spec: description: "Service defines an upstream HTTP service to proxy traffic to." properties: healthCheck: - description: "Healthcheck defines health checks for the service." + description: "Healthcheck defines health checks for ExternalName services." properties: followRedirects: + description: "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true" type: "boolean" headers: additionalProperties: type: "string" + description: "Headers defines custom headers to be sent to the health check endpoint." type: "object" hostname: + description: "Hostname defines the value of hostname in the Host header of the health check request." type: "string" interval: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" + anyOf: + - type: "integer" + - type: "string" + description: "Interval defines the frequency of the health check calls.\nDefault: 30s" + x-kubernetes-int-or-string: true method: + description: "Method defines the healthcheck method." type: "string" mode: + description: "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http" type: "string" path: + description: "Path defines the server URL path for the health check endpoint." type: "string" port: + description: "Port defines the server URL port for the health check endpoint." type: "integer" scheme: + description: "Scheme replaces the server URL scheme for the health check endpoint." type: "string" status: + description: "Status defines the expected HTTP status code of the response to the health check request." type: "integer" timeout: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" - required: - - "followRedirects" + anyOf: + - type: "integer" + - type: "string" + description: "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s" + x-kubernetes-int-or-string: true type: "object" kind: description: "Kind defines the kind of the Service." diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml index e3476c1f0..e7e74da20 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml @@ -125,6 +125,9 @@ spec: compress: description: "Compress holds the compress middleware configuration.\nThis middleware compresses responses before sending them to the client, using gzip compression.\nMore info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/" properties: + defaultEncoding: + description: "DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`)." + type: "string" excludedContentTypes: description: "ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.\n`application/grpc` is always excluded." items: @@ -172,38 +175,49 @@ spec: description: "Service defines the reference to a Kubernetes Service that will serve the error page.\nMore info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service" properties: healthCheck: - description: "Healthcheck defines health checks for the service." + description: "Healthcheck defines health checks for ExternalName services." properties: followRedirects: + description: "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true" type: "boolean" headers: additionalProperties: type: "string" + description: "Headers defines custom headers to be sent to the health check endpoint." type: "object" hostname: + description: "Hostname defines the value of hostname in the Host header of the health check request." type: "string" interval: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" + anyOf: + - type: "integer" + - type: "string" + description: "Interval defines the frequency of the health check calls.\nDefault: 30s" + x-kubernetes-int-or-string: true method: + description: "Method defines the healthcheck method." type: "string" mode: + description: "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http" type: "string" path: + description: "Path defines the server URL path for the health check endpoint." type: "string" port: + description: "Port defines the server URL port for the health check endpoint." type: "integer" scheme: + description: "Scheme replaces the server URL scheme for the health check endpoint." type: "string" status: + description: "Status defines the expected HTTP status code of the response to the health check request." type: "integer" timeout: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" - required: - - "followRedirects" + anyOf: + - type: "integer" + - type: "string" + description: "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s" + x-kubernetes-int-or-string: true type: "object" kind: description: "Kind defines the kind of the Service." @@ -385,6 +399,9 @@ spec: contentSecurityPolicy: description: "ContentSecurityPolicy defines the Content-Security-Policy header value." type: "string" + contentSecurityPolicyReportOnly: + description: "ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only header value." + type: "string" contentTypeNosniff: description: "ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value." type: "boolean" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml index 33e3bbf3a..9ebeaf320 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml @@ -33,38 +33,49 @@ spec: description: "Mirroring defines the Mirroring service configuration." properties: healthCheck: - description: "Healthcheck defines health checks for the service." + description: "Healthcheck defines health checks for ExternalName services." properties: followRedirects: + description: "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true" type: "boolean" headers: additionalProperties: type: "string" + description: "Headers defines custom headers to be sent to the health check endpoint." type: "object" hostname: + description: "Hostname defines the value of hostname in the Host header of the health check request." type: "string" interval: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" + anyOf: + - type: "integer" + - type: "string" + description: "Interval defines the frequency of the health check calls.\nDefault: 30s" + x-kubernetes-int-or-string: true method: + description: "Method defines the healthcheck method." type: "string" mode: + description: "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http" type: "string" path: + description: "Path defines the server URL path for the health check endpoint." type: "string" port: + description: "Port defines the server URL port for the health check endpoint." type: "integer" scheme: + description: "Scheme replaces the server URL scheme for the health check endpoint." type: "string" status: + description: "Status defines the expected HTTP status code of the response to the health check request." type: "integer" timeout: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" - required: - - "followRedirects" + anyOf: + - type: "integer" + - type: "string" + description: "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s" + x-kubernetes-int-or-string: true type: "object" kind: description: "Kind defines the kind of the Service." @@ -82,38 +93,49 @@ spec: description: "MirrorService holds the mirror configuration." properties: healthCheck: - description: "Healthcheck defines health checks for the service." + description: "Healthcheck defines health checks for ExternalName services." properties: followRedirects: + description: "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true" type: "boolean" headers: additionalProperties: type: "string" + description: "Headers defines custom headers to be sent to the health check endpoint." type: "object" hostname: + description: "Hostname defines the value of hostname in the Host header of the health check request." type: "string" interval: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" + anyOf: + - type: "integer" + - type: "string" + description: "Interval defines the frequency of the health check calls.\nDefault: 30s" + x-kubernetes-int-or-string: true method: + description: "Method defines the healthcheck method." type: "string" mode: + description: "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http" type: "string" path: + description: "Path defines the server URL path for the health check endpoint." type: "string" port: + description: "Port defines the server URL port for the health check endpoint." type: "integer" scheme: + description: "Scheme replaces the server URL scheme for the health check endpoint." type: "string" status: + description: "Status defines the expected HTTP status code of the response to the health check request." type: "integer" timeout: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" - required: - - "followRedirects" + anyOf: + - type: "integer" + - type: "string" + description: "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s" + x-kubernetes-int-or-string: true type: "object" kind: description: "Kind defines the kind of the Service." @@ -266,38 +288,49 @@ spec: description: "Service defines an upstream HTTP service to proxy traffic to." properties: healthCheck: - description: "Healthcheck defines health checks for the service." + description: "Healthcheck defines health checks for ExternalName services." properties: followRedirects: + description: "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true" type: "boolean" headers: additionalProperties: type: "string" + description: "Headers defines custom headers to be sent to the health check endpoint." type: "object" hostname: + description: "Hostname defines the value of hostname in the Host header of the health check request." type: "string" interval: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" + anyOf: + - type: "integer" + - type: "string" + description: "Interval defines the frequency of the health check calls.\nDefault: 30s" + x-kubernetes-int-or-string: true method: + description: "Method defines the healthcheck method." type: "string" mode: + description: "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http" type: "string" path: + description: "Path defines the server URL path for the health check endpoint." type: "string" port: + description: "Port defines the server URL port for the health check endpoint." type: "integer" scheme: + description: "Scheme replaces the server URL scheme for the health check endpoint." type: "string" status: + description: "Status defines the expected HTTP status code of the response to the health check request." type: "integer" timeout: - description: "Duration is a custom type suitable for parsing duration values.\nIt supports `time.ParseDuration`-compatible values and suffix-less digits; in\nthe latter case, seconds are assumed." - format: "int64" - type: "integer" - required: - - "followRedirects" + anyOf: + - type: "integer" + - type: "string" + description: "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s" + x-kubernetes-int-or-string: true type: "object" kind: description: "Kind defines the kind of the Service." diff --git a/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha1/terraforms.yaml b/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha1/terraforms.yaml index 35c7445dc..543595595 100644 --- a/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha1/terraforms.yaml +++ b/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha1/terraforms.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "terraforms.infra.contrib.fluxcd.io" spec: group: "infra.contrib.fluxcd.io" @@ -33,10 +33,10 @@ spec: description: "Terraform is the Schema for the terraforms API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -48,7 +48,7 @@ spec: description: "Clean the runner pod up after each reconciliation cycle" type: "boolean" approvePlan: - description: "ApprovePlan specifies name of a plan wanted to approve. If its value is \"auto\", the controller will automatically approve every plan." + description: "ApprovePlan specifies name of a plan wanted to approve.\nIf its value is \"auto\", the controller will automatically approve every plan." type: "string" backendConfig: description: "BackendConfigSpec is for specifying configuration for Terraform's Kubernetes backend" @@ -84,12 +84,12 @@ spec: - "ConfigMap" type: "string" name: - description: "Name of the configs referent. Should reside in the same namespace as the referring resource." + description: "Name of the configs referent. Should reside in the same namespace as the\nreferring resource." maxLength: 253 minLength: 1 type: "string" optional: - description: "Optional marks this BackendConfigsReference as optional. When set, a not found error for the values reference is ignored, but any Key or transient error will still result in a reconciliation failure." + description: "Optional marks this BackendConfigsReference as optional. When set, a not found error\nfor the values reference is ignored, but any Key or\ntransient error will still result in a reconciliation failure." type: "boolean" required: - "kind" @@ -97,10 +97,10 @@ spec: type: "object" type: "array" breakTheGlass: - description: "BreakTheGlass specifies if the reconciliation should stop and allow interactive shell in case of emergency." + description: "BreakTheGlass specifies if the reconciliation should stop\nand allow interactive shell in case of emergency." type: "boolean" cliConfigSecretRef: - description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace" + description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace" properties: name: description: "name is unique within a namespace to reference a secret resource." @@ -133,7 +133,7 @@ spec: type: "object" dependsOn: items: - description: "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace." + description: "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace." properties: name: description: "Name of the referent." @@ -150,11 +150,11 @@ spec: type: "boolean" destroyResourcesOnDeletion: default: false - description: "Create destroy plan and apply it to destroy terraform resources upon deletion of this object. Defaults to false." + description: "Create destroy plan and apply it to destroy terraform resources\nupon deletion of this object. Defaults to false." type: "boolean" disableDriftDetection: default: false - description: "Disable automatic drift detection. Drift detection may be resource intensive in the context of a large cluster or complex Terraform statefile. Defaults to false." + description: "Disable automatic drift detection. Drift detection may be resource intensive in\nthe context of a large cluster or complex Terraform statefile. Defaults to false." type: "boolean" enableInventory: description: "EnableInventory enables the object to store resource entries as the inventory for external use." @@ -196,15 +196,15 @@ spec: type: "array" force: default: false - description: "Force instructs the controller to unconditionally re-plan and re-apply TF resources. Defaults to false." + description: "Force instructs the controller to unconditionally\nre-plan and re-apply TF resources. Defaults to false." type: "boolean" healthChecks: description: "List of health checks to be performed." items: - description: "HealthCheck contains configuration needed to perform a health check after terraform is applied." + description: "HealthCheck contains configuration needed to perform a health check after\nterraform is applied." properties: address: - description: "Address to perform tcp health check on. Required when tcp type is specified. Go template can be used to reference values from the terraform output (e.g. 127.0.0.1:8080, {{.address}}:{{.port}})." + description: "Address to perform tcp health check on. Required when tcp type is specified.\nGo template can be used to reference values from the terraform output\n(e.g. 127.0.0.1:8080, {{.address}}:{{.port}})." type: "string" name: description: "Name of the health check." @@ -213,16 +213,16 @@ spec: type: "string" timeout: default: "20s" - description: "The timeout period at which the connection should timeout if unable to complete the request. When not specified, default 20s timeout is used." + description: "The timeout period at which the connection should timeout if unable to\ncomplete the request.\nWhen not specified, default 20s timeout is used." type: "string" type: - description: "Type of the health check, valid values are ('tcp', 'http'). If tcp is specified, address is required. If http is specified, url is required." + description: "Type of the health check, valid values are ('tcp', 'http').\nIf tcp is specified, address is required.\nIf http is specified, url is required." enum: - "tcp" - "http" type: "string" url: - description: "URL to perform http health check on. Required when http type is specified. Go template can be used to reference values from the terraform output (e.g. https://example.org, {{.output_url}})." + description: "URL to perform http health check on. Required when http type is specified.\nGo template can be used to reference values from the terraform output\n(e.g. https://example.org, {{.output_url}})." type: "string" required: - "name" @@ -238,7 +238,7 @@ spec: format: "int32" type: "integer" path: - description: "Path to the directory containing Terraform (.tf) files. Defaults to 'None', which translates to the root path of the SourceRef." + description: "Path to the directory containing Terraform (.tf) files.\nDefaults to 'None', which translates to the root path of the SourceRef." type: "string" readInputsFromSecrets: items: @@ -257,7 +257,7 @@ spec: description: "RefreshBeforeApply forces refreshing of the state before the apply step." type: "boolean" retryInterval: - description: "The interval at which to retry a previously failed reconciliation. The default value is 15 when not specified." + description: "The interval at which to retry a previously failed reconciliation.\nThe default value is 15 when not specified." type: "string" runnerPodTemplate: properties: @@ -283,9 +283,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -293,16 +293,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -314,16 +314,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -344,26 +344,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -375,16 +375,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -405,7 +405,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -418,16 +418,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -439,26 +439,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -470,23 +470,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -495,9 +495,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -505,16 +505,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -526,26 +526,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -557,17 +557,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -578,7 +578,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -591,16 +591,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -612,26 +612,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -643,23 +643,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -668,9 +668,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -678,16 +678,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -699,26 +699,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -730,17 +730,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -749,7 +749,7 @@ spec: type: "object" type: "object" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -757,7 +757,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -769,7 +769,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -779,7 +779,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -792,7 +792,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -818,7 +818,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -833,7 +833,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -841,7 +841,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -855,7 +855,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -873,17 +873,17 @@ spec: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -891,7 +891,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -903,7 +903,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -913,7 +913,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -926,7 +926,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -952,7 +952,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -967,7 +967,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -975,7 +975,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -989,7 +989,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -999,22 +999,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1023,7 +1023,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1031,7 +1031,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1048,16 +1048,16 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1066,20 +1066,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1088,7 +1088,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1096,7 +1096,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1113,16 +1113,16 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1131,7 +1131,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1139,19 +1139,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1162,7 +1162,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1171,7 +1171,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1179,7 +1179,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1196,24 +1196,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1226,45 +1226,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1275,19 +1275,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1298,7 +1298,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1307,7 +1307,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1315,7 +1315,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1332,24 +1332,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1362,17 +1362,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1382,10 +1382,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1394,15 +1394,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1418,7 +1418,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1427,17 +1427,17 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1453,27 +1453,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1489,48 +1489,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1541,7 +1541,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1550,7 +1550,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1558,7 +1558,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1575,24 +1575,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1605,34 +1605,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -1651,27 +1651,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1679,7 +1679,7 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" @@ -1693,23 +1693,23 @@ spec: tolerations: description: "Set the Tolerations for the Runner Pod" items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -1719,22 +1719,22 @@ spec: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1747,20 +1747,20 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" @@ -1778,13 +1778,13 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" @@ -1794,7 +1794,7 @@ spec: description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "secretName is the name of secret that contains Azure Storage Account Name and Key" @@ -1810,7 +1810,7 @@ spec: description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" @@ -1818,44 +1818,44 @@ spec: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeID: - description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" @@ -1864,11 +1864,11 @@ spec: description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -1876,11 +1876,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -1888,7 +1888,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1899,26 +1899,26 @@ spec: description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" readOnly: - description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." type: "object" required: - "driver" @@ -1927,7 +1927,7 @@ spec: description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: @@ -1949,14 +1949,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1981,41 +1981,41 @@ spec: type: "array" type: "object" emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2029,10 +2029,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2041,22 +2041,22 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2072,7 +2072,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2081,7 +2081,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -2090,16 +2090,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2111,15 +2111,15 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -2133,14 +2133,14 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "targetWWNs is Optional: FC target worldwide names (WWNs)" @@ -2148,19 +2148,19 @@ spec: type: "string" type: "array" wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: driver: description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: @@ -2168,13 +2168,13 @@ spec: description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2185,36 +2185,36 @@ spec: description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" type: "string" datasetUUID: description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." properties: directory: - description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" repository: description: "repository is the URL" @@ -2226,35 +2226,35 @@ spec: - "repository" type: "object" glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: path: - description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" @@ -2263,39 +2263,39 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." type: "string" iqn: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" secretRef: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -2303,32 +2303,32 @@ spec: - "targetPortal" type: "object" name: - description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." type: "boolean" required: - "claimName" @@ -2337,7 +2337,7 @@ spec: description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: description: "pdID is the ID that identifies Photon Controller persistent disk" @@ -2349,10 +2349,10 @@ spec: description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "volumeID uniquely identifies a Portworx volume" @@ -2364,7 +2364,7 @@ spec: description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: @@ -2376,7 +2376,7 @@ spec: description: "configMap information about the configMap data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2384,11 +2384,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2396,7 +2396,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2425,14 +2425,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2460,7 +2460,7 @@ spec: description: "secret information about the secret data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2468,11 +2468,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2480,7 +2480,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2491,14 +2491,14 @@ spec: description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" type: "integer" path: - description: "path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "path" @@ -2510,19 +2510,19 @@ spec: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "group to map volume access to Default is no group" + description: "group to map volume access to\nDefault is no group" type: "string" readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" registry: - description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" tenant: - description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "user to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" volume: description: "volume is a string that references an already created Quobyte volume by name." @@ -2532,38 +2532,38 @@ spec: - "volume" type: "object" rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" @@ -2573,7 +2573,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: description: "gateway is the host address of the ScaleIO API Gateway." @@ -2582,13 +2582,13 @@ spec: description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2596,7 +2596,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." @@ -2605,7 +2605,7 @@ spec: description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - "gateway" @@ -2613,14 +2613,14 @@ spec: - "system" type: "object" secret: - description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2628,11 +2628,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2643,38 +2643,38 @@ spec: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." @@ -2696,12 +2696,12 @@ spec: type: "object" runnerTerminationGracePeriodSeconds: default: 30 - description: "Configure the termination grace period for the runner pod. Use this parameter to allow the Terraform process to gracefully shutdown. Consider increasing for large, complex or slow-moving Terraform managed resources." + description: "Configure the termination grace period for the runner pod. Use this parameter\nto allow the Terraform process to gracefully shutdown. Consider increasing for\nlarge, complex or slow-moving Terraform managed resources." format: "int64" type: "integer" serviceAccountName: default: "tf-runner" - description: "Name of a ServiceAccount for the runner Pod to provision Terraform resources. Default to tf-runner." + description: "Name of a ServiceAccount for the runner Pod to provision Terraform resources.\nDefault to tf-runner." type: "string" sourceRef: description: "SourceRef is the reference of the source where the Terraform files are stored." @@ -2735,7 +2735,7 @@ spec: - "human" type: "string" suspend: - description: "Suspend is to tell the controller to suspend subsequent TF executions, it does not apply to already started executions. Defaults to false." + description: "Suspend is to tell the controller to suspend subsequent TF executions,\nit does not apply to already started executions. Defaults to false." type: "boolean" targets: description: "Targets specify the resource, module or collection of resources to target." @@ -2747,18 +2747,18 @@ spec: properties: forceUnlock: default: "no" - description: "ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. \n This is an Enum and has the expected values of: \n - auto - yes - no \n WARNING: Only use `auto` in the cases where you are absolutely certain that no other system is using this state, you could otherwise end up in a bad place See https://www.terraform.io/language/state/locking#force-unlock for more information on the terraform state lock and force unlock." + description: "ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`.\n\n\nThis is an Enum and has the expected values of:\n\n\n- auto\n- yes\n- no\n\n\nWARNING: Only use `auto` in the cases where you are absolutely certain that\nno other system is using this state, you could otherwise end up in a bad place\nSee https://www.terraform.io/language/state/locking#force-unlock for more\ninformation on the terraform state lock and force unlock." enum: - "yes" - "no" - "auto" type: "string" lockIdentifier: - description: "LockIdentifier holds the Identifier required by Terraform to unlock the state if it ever gets into a locked state. \n You'll need to put the Lock Identifier in here while setting ForceUnlock to either `yes` or `auto`. \n Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state." + description: "LockIdentifier holds the Identifier required by Terraform to unlock the state\nif it ever gets into a locked state.\n\n\nYou'll need to put the Lock Identifier in here while setting ForceUnlock to\neither `yes` or `auto`.\n\n\nLeave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`,\ne.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state." type: "string" type: "object" values: - description: "Values map to the Terraform variable \"values\", which is an object of arbitrary values. It is a convenient way to pass values to Terraform resources without having to define a variable for each value. To use this feature, your Terraform file must define the variable \"values\"." + description: "Values map to the Terraform variable \"values\", which is an object of arbitrary values.\nIt is a convenient way to pass values to Terraform resources without having to define\na variable for each value. To use this feature, your Terraform file must define the variable \"values\"." x-kubernetes-preserve-unknown-fields: true vars: description: "List of input variables to set for the Terraform program." @@ -2779,7 +2779,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2789,7 +2789,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2802,7 +2802,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2828,7 +2828,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2843,9 +2843,9 @@ spec: type: "object" type: "array" varsFrom: - description: "List of references to a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. Values of the later Secret / ConfigMap with the same keys will override those of the former." + description: "List of references to a Secret or a ConfigMap to generate variables for\nTerraform resources based on its data, selectively by varsKey. Values of the later\nSecret / ConfigMap with the same keys will override those of the former." items: - description: "VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey." + description: "VarsReference contain a reference of a Secret or a ConfigMap to generate\nvariables for Terraform resources based on its data, selectively by varsKey." properties: kind: description: "Kind of the values referent, valid values are ('Secret', 'ConfigMap')." @@ -2854,12 +2854,12 @@ spec: - "ConfigMap" type: "string" name: - description: "Name of the values referent. Should reside in the same namespace as the referring resource." + description: "Name of the values referent. Should reside in the same namespace as the\nreferring resource." maxLength: 253 minLength: 1 type: "string" optional: - description: "Optional marks this VarsReference as optional. When set, a not found error for the values reference is ignored, but any VarsKey or transient error will still result in a reconciliation failure." + description: "Optional marks this VarsReference as optional. When set, a not found error\nfor the values reference is ignored, but any VarsKey or\ntransient error will still result in a reconciliation failure." type: "boolean" varsKeys: description: "VarsKeys is the data key at which a specific value can be found. Defaults to all keys." @@ -2906,7 +2906,7 @@ spec: description: "Name is the name of the Secret to be written" type: "string" outputs: - description: "Outputs contain the selected names of outputs to be written to the secret. Empty array means writing all outputs, which is default." + description: "Outputs contain the selected names of outputs to be written\nto the secret. Empty array means writing all outputs, which is default." items: type: "string" type: "array" @@ -2926,23 +2926,23 @@ spec: type: "array" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -2955,7 +2955,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -2994,11 +2994,11 @@ spec: - "entries" type: "object" lastAppliedByDriftDetectionAt: - description: "LastAppliedByDriftDetectionAt is the time when the last drift was detected and terraform apply was performed as a result" + description: "LastAppliedByDriftDetectionAt is the time when the last drift was detected and\nterraform apply was performed as a result" format: "date-time" type: "string" lastAppliedRevision: - description: "The last successfully applied revision. The revision format for Git sources is /." + description: "The last successfully applied revision.\nThe revision format for Git sources is /." type: "string" lastAttemptedRevision: description: "LastAttemptedRevision is the revision of the last reconciliation attempt." @@ -3008,10 +3008,10 @@ spec: format: "date-time" type: "string" lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected." + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected." type: "string" lastPlannedRevision: - description: "LastPlannedRevision is the revision used by the last planning process. The result could be either no plan change or a new plan generated." + description: "LastPlannedRevision is the revision used by the last planning process.\nThe result could be either no plan change or a new plan generated." type: "string" lock: description: "LockStatus defines the observed state of a Terraform State Lock" diff --git a/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha2/terraforms.yaml b/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha2/terraforms.yaml index ec4e673f2..eec8950db 100644 --- a/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha2/terraforms.yaml +++ b/crd-catalog/weaveworks/tf-controller/infra.contrib.fluxcd.io/v1alpha2/terraforms.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "terraforms.infra.contrib.fluxcd.io" spec: group: "infra.contrib.fluxcd.io" @@ -31,10 +31,10 @@ spec: description: "Terraform is the Schema for the terraforms API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -46,7 +46,7 @@ spec: description: "Clean the runner pod up after each reconciliation cycle" type: "boolean" approvePlan: - description: "ApprovePlan specifies name of a plan wanted to approve. If its value is \"auto\", the controller will automatically approve every plan." + description: "ApprovePlan specifies name of a plan wanted to approve.\nIf its value is \"auto\", the controller will automatically approve every plan." type: "string" backendConfig: description: "BackendConfigSpec is for specifying configuration for Terraform's Kubernetes backend" @@ -82,12 +82,12 @@ spec: - "ConfigMap" type: "string" name: - description: "Name of the configs referent. Should reside in the same namespace as the referring resource." + description: "Name of the configs referent. Should reside in the same namespace as the\nreferring resource." maxLength: 253 minLength: 1 type: "string" optional: - description: "Optional marks this BackendConfigsReference as optional. When set, a not found error for the values reference is ignored, but any Key or transient error will still result in a reconciliation failure." + description: "Optional marks this BackendConfigsReference as optional. When set, a not found error\nfor the values reference is ignored, but any Key or\ntransient error will still result in a reconciliation failure." type: "boolean" required: - "kind" @@ -98,14 +98,14 @@ spec: description: "BranchPlanner configuration." properties: enablePathScope: - description: "EnablePathScope specifies if the Branch Planner should or shouldn't check if a Pull Request has changes under `.spec.path`. If enabled extra resources will be created only if there are any changes in terraform files." + description: "EnablePathScope specifies if the Branch Planner should or shouldn't check\nif a Pull Request has changes under `.spec.path`. If enabled extra\nresources will be created only if there are any changes in terraform files." type: "boolean" type: "object" breakTheGlass: - description: "BreakTheGlass specifies if the reconciliation should stop and allow interactive shell in case of emergency." + description: "BreakTheGlass specifies if the reconciliation should stop\nand allow interactive shell in case of emergency." type: "boolean" cliConfigSecretRef: - description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace" + description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace" properties: name: description: "name is unique within a namespace to reference a secret resource." @@ -138,7 +138,7 @@ spec: type: "object" dependsOn: items: - description: "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace." + description: "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace." properties: name: description: "Name of the referent." @@ -155,11 +155,11 @@ spec: type: "boolean" destroyResourcesOnDeletion: default: false - description: "Create destroy plan and apply it to destroy terraform resources upon deletion of this object. Defaults to false." + description: "Create destroy plan and apply it to destroy terraform resources\nupon deletion of this object. Defaults to false." type: "boolean" disableDriftDetection: default: false - description: "Disable automatic drift detection. Drift detection may be resource intensive in the context of a large cluster or complex Terraform statefile. Defaults to false." + description: "Disable automatic drift detection. Drift detection may be resource intensive in\nthe context of a large cluster or complex Terraform statefile. Defaults to false." type: "boolean" enableInventory: description: "EnableInventory enables the object to store resource entries as the inventory for external use." @@ -201,15 +201,15 @@ spec: type: "array" force: default: false - description: "Force instructs the controller to unconditionally re-plan and re-apply TF resources. Defaults to false." + description: "Force instructs the controller to unconditionally\nre-plan and re-apply TF resources. Defaults to false." type: "boolean" healthChecks: description: "List of health checks to be performed." items: - description: "HealthCheck contains configuration needed to perform a health check after terraform is applied." + description: "HealthCheck contains configuration needed to perform a health check after\nterraform is applied." properties: address: - description: "Address to perform tcp health check on. Required when tcp type is specified. Go template can be used to reference values from the terraform output (e.g. 127.0.0.1:8080, {{.address}}:{{.port}})." + description: "Address to perform tcp health check on. Required when tcp type is specified.\nGo template can be used to reference values from the terraform output\n(e.g. 127.0.0.1:8080, {{.address}}:{{.port}})." type: "string" name: description: "Name of the health check." @@ -218,16 +218,16 @@ spec: type: "string" timeout: default: "20s" - description: "The timeout period at which the connection should timeout if unable to complete the request. When not specified, default 20s timeout is used." + description: "The timeout period at which the connection should timeout if unable to\ncomplete the request.\nWhen not specified, default 20s timeout is used." type: "string" type: - description: "Type of the health check, valid values are ('tcp', 'http'). If tcp is specified, address is required. If http is specified, url is required." + description: "Type of the health check, valid values are ('tcp', 'http').\nIf tcp is specified, address is required.\nIf http is specified, url is required." enum: - "tcp" - "http" type: "string" url: - description: "URL to perform http health check on. Required when http type is specified. Go template can be used to reference values from the terraform output (e.g. https://example.org, {{.output_url}})." + description: "URL to perform http health check on. Required when http type is specified.\nGo template can be used to reference values from the terraform output\n(e.g. https://example.org, {{.output_url}})." type: "string" required: - "name" @@ -243,10 +243,10 @@ spec: format: "int32" type: "integer" path: - description: "Path to the directory containing Terraform (.tf) files. Defaults to 'None', which translates to the root path of the SourceRef." + description: "Path to the directory containing Terraform (.tf) files.\nDefaults to 'None', which translates to the root path of the SourceRef." type: "string" planOnly: - description: "PlanOnly specifies if the reconciliation should or should not stop at plan phase." + description: "PlanOnly specifies if the reconciliation should or should not stop at plan\nphase." type: "boolean" readInputsFromSecrets: items: @@ -265,15 +265,15 @@ spec: description: "RefreshBeforeApply forces refreshing of the state before the apply step." type: "boolean" remediation: - description: "Remediation specifies what the controller should do when reconciliation fails. The default is to not perform any action." + description: "Remediation specifies what the controller should do when reconciliation\nfails. The default is to not perform any action." properties: retries: - description: "Retries is the number of retries that should be attempted on failures before bailing. Defaults to '0', a negative integer denotes unlimited retries." + description: "Retries is the number of retries that should be attempted on failures\nbefore bailing. Defaults to '0', a negative integer denotes unlimited\nretries." format: "int64" type: "integer" type: "object" retryInterval: - description: "The interval at which to retry a previously failed reconciliation. The default value is 15 when not specified." + description: "The interval at which to retry a previously failed reconciliation.\nThe default value is 15 when not specified." type: "string" runnerPodTemplate: properties: @@ -299,9 +299,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -309,16 +309,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -330,16 +330,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -360,26 +360,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -391,16 +391,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -421,7 +421,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -434,16 +434,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -455,26 +455,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -486,23 +486,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -511,9 +511,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -521,16 +521,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -542,26 +542,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -573,17 +573,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -594,7 +594,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -607,16 +607,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -628,26 +628,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -659,23 +659,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -684,9 +684,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -694,16 +694,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -715,26 +715,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -746,17 +746,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -765,7 +765,7 @@ spec: type: "object" type: "object" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -773,7 +773,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -785,7 +785,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -795,7 +795,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -808,7 +808,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -834,7 +834,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -849,7 +849,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -857,7 +857,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -871,7 +871,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -883,7 +883,7 @@ spec: hostAliases: description: "Set host aliases for the Runner Pod" items: - description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file." + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." properties: hostnames: description: "Hostnames for the above IP address." @@ -904,17 +904,17 @@ spec: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -922,7 +922,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -934,7 +934,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -944,7 +944,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -957,7 +957,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -983,7 +983,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -998,7 +998,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -1006,7 +1006,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1020,7 +1020,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1030,22 +1030,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1054,7 +1054,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1062,7 +1062,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1079,16 +1079,16 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1097,20 +1097,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1119,7 +1119,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1127,7 +1127,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1144,16 +1144,16 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1162,7 +1162,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1170,19 +1170,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1193,7 +1193,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1202,7 +1202,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1210,7 +1210,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1227,24 +1227,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1257,45 +1257,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1306,19 +1306,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1329,7 +1329,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1338,7 +1338,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1346,7 +1346,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1363,24 +1363,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1393,17 +1393,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1413,10 +1413,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1425,15 +1425,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1449,7 +1449,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1458,17 +1458,17 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1484,27 +1484,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1520,48 +1520,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1572,7 +1572,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1581,7 +1581,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1589,7 +1589,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1606,24 +1606,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1636,34 +1636,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -1682,27 +1682,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1710,7 +1710,7 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" @@ -1728,12 +1728,12 @@ spec: description: "Set Resources for the Runner Pod container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1749,7 +1749,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1758,17 +1758,17 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" securityContext: description: "Set SecurityContext for the Runner Pod container" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1784,27 +1784,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1820,54 +1820,54 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" tolerations: description: "Set the Tolerations for the Runner Pod" items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -1877,22 +1877,22 @@ spec: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1905,20 +1905,20 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" @@ -1936,13 +1936,13 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" @@ -1952,7 +1952,7 @@ spec: description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "secretName is the name of secret that contains Azure Storage Account Name and Key" @@ -1968,7 +1968,7 @@ spec: description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" @@ -1976,44 +1976,44 @@ spec: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeID: - description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" @@ -2022,11 +2022,11 @@ spec: description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2034,11 +2034,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2046,7 +2046,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2057,26 +2057,26 @@ spec: description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" readOnly: - description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." type: "object" required: - "driver" @@ -2085,7 +2085,7 @@ spec: description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: @@ -2107,14 +2107,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2139,41 +2139,41 @@ spec: type: "array" type: "object" emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2187,10 +2187,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2199,22 +2199,22 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2230,7 +2230,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2239,7 +2239,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -2248,16 +2248,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2269,15 +2269,15 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -2291,14 +2291,14 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "targetWWNs is Optional: FC target worldwide names (WWNs)" @@ -2306,19 +2306,19 @@ spec: type: "string" type: "array" wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: driver: description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: @@ -2326,13 +2326,13 @@ spec: description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2343,36 +2343,36 @@ spec: description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" type: "string" datasetUUID: description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." properties: directory: - description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" repository: description: "repository is the URL" @@ -2384,35 +2384,35 @@ spec: - "repository" type: "object" glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: path: - description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" @@ -2421,39 +2421,39 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." type: "string" iqn: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" secretRef: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -2461,32 +2461,32 @@ spec: - "targetPortal" type: "object" name: - description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." type: "boolean" required: - "claimName" @@ -2495,7 +2495,7 @@ spec: description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: description: "pdID is the ID that identifies Photon Controller persistent disk" @@ -2507,10 +2507,10 @@ spec: description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "volumeID uniquely identifies a Portworx volume" @@ -2522,7 +2522,7 @@ spec: description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: @@ -2534,7 +2534,7 @@ spec: description: "configMap information about the configMap data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2542,11 +2542,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2554,7 +2554,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2583,14 +2583,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2618,7 +2618,7 @@ spec: description: "secret information about the secret data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2626,11 +2626,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2638,7 +2638,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2649,14 +2649,14 @@ spec: description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" type: "integer" path: - description: "path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "path" @@ -2668,19 +2668,19 @@ spec: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "group to map volume access to Default is no group" + description: "group to map volume access to\nDefault is no group" type: "string" readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" registry: - description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" tenant: - description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "user to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" volume: description: "volume is a string that references an already created Quobyte volume by name." @@ -2690,38 +2690,38 @@ spec: - "volume" type: "object" rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" @@ -2731,7 +2731,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: description: "gateway is the host address of the ScaleIO API Gateway." @@ -2740,13 +2740,13 @@ spec: description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2754,7 +2754,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." @@ -2763,7 +2763,7 @@ spec: description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - "gateway" @@ -2771,14 +2771,14 @@ spec: - "system" type: "object" secret: - description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -2786,11 +2786,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2801,38 +2801,38 @@ spec: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." @@ -2854,12 +2854,12 @@ spec: type: "object" runnerTerminationGracePeriodSeconds: default: 30 - description: "Configure the termination grace period for the runner pod. Use this parameter to allow the Terraform process to gracefully shutdown. Consider increasing for large, complex or slow-moving Terraform managed resources." + description: "Configure the termination grace period for the runner pod. Use this parameter\nto allow the Terraform process to gracefully shutdown. Consider increasing for\nlarge, complex or slow-moving Terraform managed resources." format: "int64" type: "integer" serviceAccountName: default: "tf-runner" - description: "Name of a ServiceAccount for the runner Pod to provision Terraform resources. Default to tf-runner." + description: "Name of a ServiceAccount for the runner Pod to provision Terraform resources.\nDefault to tf-runner." type: "string" sourceRef: description: "SourceRef is the reference of the source where the Terraform files are stored." @@ -2893,7 +2893,7 @@ spec: - "human" type: "string" suspend: - description: "Suspend is to tell the controller to suspend subsequent TF executions, it does not apply to already started executions. Defaults to false." + description: "Suspend is to tell the controller to suspend subsequent TF executions,\nit does not apply to already started executions. Defaults to false." type: "boolean" targets: description: "Targets specify the resource, module or collection of resources to target." @@ -2910,22 +2910,22 @@ spec: properties: forceUnlock: default: "no" - description: "ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. \n This is an Enum and has the expected values of: \n - auto - yes - no \n WARNING: Only use `auto` in the cases where you are absolutely certain that no other system is using this state, you could otherwise end up in a bad place See https://www.terraform.io/language/state/locking#force-unlock for more information on the terraform state lock and force unlock." + description: "ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`.\n\n\nThis is an Enum and has the expected values of:\n\n\n- auto\n- yes\n- no\n\n\nWARNING: Only use `auto` in the cases where you are absolutely certain that\nno other system is using this state, you could otherwise end up in a bad place\nSee https://www.terraform.io/language/state/locking#force-unlock for more\ninformation on the terraform state lock and force unlock." enum: - "yes" - "no" - "auto" type: "string" lockIdentifier: - description: "LockIdentifier holds the Identifier required by Terraform to unlock the state if it ever gets into a locked state. \n You'll need to put the Lock Identifier in here while setting ForceUnlock to either `yes` or `auto`. \n Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state." + description: "LockIdentifier holds the Identifier required by Terraform to unlock the state\nif it ever gets into a locked state.\n\n\nYou'll need to put the Lock Identifier in here while setting ForceUnlock to\neither `yes` or `auto`.\n\n\nLeave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`,\ne.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state." type: "string" lockTimeout: default: "0s" - description: "LockTimeout is a Duration string that instructs Terraform to retry acquiring a lock for the specified period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as `3s` for three seconds. \n Defaults to `0s` which will behave as though `LockTimeout` was not set" + description: "LockTimeout is a Duration string that instructs Terraform to retry acquiring a lock for the specified period of\ntime before returning an error. The duration syntax is a number followed by a time unit letter, such as `3s` for\nthree seconds.\n\n\nDefaults to `0s` which will behave as though `LockTimeout` was not set" type: "string" type: "object" values: - description: "Values map to the Terraform variable \"values\", which is an object of arbitrary values. It is a convenient way to pass values to Terraform resources without having to define a variable for each value. To use this feature, your Terraform file must define the variable \"values\"." + description: "Values map to the Terraform variable \"values\", which is an object of arbitrary values.\nIt is a convenient way to pass values to Terraform resources without having to define\na variable for each value. To use this feature, your Terraform file must define the variable \"values\"." x-kubernetes-preserve-unknown-fields: true vars: description: "List of input variables to set for the Terraform program." @@ -2946,7 +2946,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2956,7 +2956,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2969,7 +2969,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2995,7 +2995,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3010,9 +3010,9 @@ spec: type: "object" type: "array" varsFrom: - description: "List of references to a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. Values of the later Secret / ConfigMap with the same keys will override those of the former." + description: "List of references to a Secret or a ConfigMap to generate variables for\nTerraform resources based on its data, selectively by varsKey. Values of the later\nSecret / ConfigMap with the same keys will override those of the former." items: - description: "VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey." + description: "VarsReference contain a reference of a Secret or a ConfigMap to generate\nvariables for Terraform resources based on its data, selectively by varsKey." properties: kind: description: "Kind of the values referent, valid values are ('Secret', 'ConfigMap')." @@ -3021,12 +3021,12 @@ spec: - "ConfigMap" type: "string" name: - description: "Name of the values referent. Should reside in the same namespace as the referring resource." + description: "Name of the values referent. Should reside in the same namespace as the\nreferring resource." maxLength: 253 minLength: 1 type: "string" optional: - description: "Optional marks this VarsReference as optional. When set, a not found error for the values reference is ignored, but any VarsKey or transient error will still result in a reconciliation failure." + description: "Optional marks this VarsReference as optional. When set, a not found error\nfor the values reference is ignored, but any VarsKey or\ntransient error will still result in a reconciliation failure." type: "boolean" varsKeys: description: "VarsKeys is the data key at which a specific value can be found. Defaults to all keys." @@ -3083,7 +3083,7 @@ spec: description: "Name is the name of the Secret to be written" type: "string" outputs: - description: "Outputs contain the selected names of outputs to be written to the secret. Empty array means writing all outputs, which is default." + description: "Outputs contain the selected names of outputs to be written\nto the secret. Empty array means writing all outputs, which is default." items: type: "string" type: "array" @@ -3105,23 +3105,23 @@ spec: type: "array" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -3134,7 +3134,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -3173,11 +3173,11 @@ spec: - "entries" type: "object" lastAppliedByDriftDetectionAt: - description: "LastAppliedByDriftDetectionAt is the time when the last drift was detected and terraform apply was performed as a result" + description: "LastAppliedByDriftDetectionAt is the time when the last drift was detected and\nterraform apply was performed as a result" format: "date-time" type: "string" lastAppliedRevision: - description: "The last successfully applied revision. The revision format for Git sources is /." + description: "The last successfully applied revision.\nThe revision format for Git sources is /." type: "string" lastAttemptedRevision: description: "LastAttemptedRevision is the revision of the last reconciliation attempt." @@ -3187,14 +3187,14 @@ spec: format: "date-time" type: "string" lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected." + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected." type: "string" lastPlanAt: description: "LastPlanAt is the time when the last terraform plan was performed" format: "date-time" type: "string" lastPlannedRevision: - description: "LastPlannedRevision is the revision used by the last planning process. The result could be either no plan change or a new plan generated." + description: "LastPlannedRevision is the revision used by the last planning process.\nThe result could be either no plan change or a new plan generated." type: "string" lock: description: "LockStatus defines the observed state of a Terraform State Lock" @@ -3221,7 +3221,7 @@ spec: type: "string" type: "object" reconciliationFailures: - description: "ReconciliationFailures is the number of reconciliation failures since the last success or update." + description: "ReconciliationFailures is the number of reconciliation\nfailures since the last success or update." format: "int64" type: "integer" type: "object" diff --git a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml index 29c7f0e96..4113f3e76 100644 --- a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml +++ b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml @@ -128,7 +128,7 @@ spec: type: "boolean" type: "object" docker_image: - default: "ghcr.io/zalando/spilo-16:3.2-p2" + default: "ghcr.io/zalando/spilo-16:3.2-p3" type: "string" enable_crd_registration: default: true @@ -426,7 +426,7 @@ spec: logical_backup_cronjob_environment_secret: type: "string" logical_backup_docker_image: - default: "ghcr.io/zalando/postgres-operator/logical-backup:v1.11.0" + default: "ghcr.io/zalando/postgres-operator/logical-backup:v1.12.0" type: "string" logical_backup_google_application_credentials: type: "string" diff --git a/kube-custom-resources-rs/src/anywhere_eks_amazonaws_com/v1alpha1/nutanixdatacenterconfigs.rs b/kube-custom-resources-rs/src/anywhere_eks_amazonaws_com/v1alpha1/nutanixdatacenterconfigs.rs index 9babd3cb0..5047a4a86 100644 --- a/kube-custom-resources-rs/src/anywhere_eks_amazonaws_com/v1alpha1/nutanixdatacenterconfigs.rs +++ b/kube-custom-resources-rs/src/anywhere_eks_amazonaws_com/v1alpha1/nutanixdatacenterconfigs.rs @@ -25,6 +25,9 @@ pub struct NutanixDatacenterConfigSpec { pub credential_ref: Option, /// Endpoint is the Endpoint of Nutanix Prism Central pub endpoint: String, + /// FailureDomains is the optional list of failure domains for the Nutanix Datacenter. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureDomains")] + pub failure_domains: Option>, /// Insecure is the optional flag to skip TLS verification. Nutanix Prism Central installation by default ships with a self-signed certificate that will fail TLS verification because the certificate is not issued by a public CA and does not have the IP SANs with the Prism Central endpoint. To accommodate the scenario where the user has not changed the default Certificate that ships with Prism Central, we allow the user to skip TLS verification. This is not recommended for production use. #[serde(default, skip_serializing_if = "Option::is_none")] pub insecure: Option, @@ -41,6 +44,65 @@ pub struct NutanixDatacenterConfigCredentialRef { pub name: Option, } +/// NutanixDatacenterFailureDomain defines the failure domain for the Nutanix Datacenter. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct NutanixDatacenterConfigFailureDomains { + /// Cluster is the Prism Element cluster name or uuid that is connected to the Prism Central. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Name is the unique name of the failure domain. Name must be between 1 and 64 characters long. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. + pub name: String, + /// Subnets holds the list of subnets identifiers cluster's network subnets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subnets: Option>, +} + +/// Cluster is the Prism Element cluster name or uuid that is connected to the Prism Central. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct NutanixDatacenterConfigFailureDomainsCluster { + /// name is the resource name in the PC + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Type is the identifier type to use for this resource. + #[serde(rename = "type")] + pub r#type: NutanixDatacenterConfigFailureDomainsClusterType, + /// uuid is the UUID of the resource in the PC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uuid: Option, +} + +/// Cluster is the Prism Element cluster name or uuid that is connected to the Prism Central. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum NutanixDatacenterConfigFailureDomainsClusterType { + #[serde(rename = "uuid")] + Uuid, + #[serde(rename = "name")] + Name, +} + +/// NutanixResourceIdentifier holds the identity of a Nutanix Prism resource (cluster, image, subnet, etc.) +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct NutanixDatacenterConfigFailureDomainsSubnets { + /// name is the resource name in the PC + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Type is the identifier type to use for this resource. + #[serde(rename = "type")] + pub r#type: NutanixDatacenterConfigFailureDomainsSubnetsType, + /// uuid is the UUID of the resource in the PC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uuid: Option, +} + +/// NutanixResourceIdentifier holds the identity of a Nutanix Prism resource (cluster, image, subnet, etc.) +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum NutanixDatacenterConfigFailureDomainsSubnetsType { + #[serde(rename = "uuid")] + Uuid, + #[serde(rename = "name")] + Name, +} + /// NutanixDatacenterConfigStatus defines the observed state of NutanixDatacenterConfig. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NutanixDatacenterConfigStatus { diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs index 360af3329..5ae199cef 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs @@ -266,6 +266,9 @@ pub struct ClusterComponentSpecs { /// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "switchPolicy")] pub switch_policy: Option, + /// Overrides system accounts defined in referenced ComponentDefinition. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] + pub system_accounts: Option>, /// A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. When set to true, the Component will be configured to use TLS encryption for its network connections. This ensures that the data transmitted between the Component and its clients or other Components is encrypted and protected from unauthorized access. If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, to properly set up the secure communication channel. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, @@ -389,22 +392,15 @@ pub struct ClusterComponentSpecsInstances { pub labels: Option>, /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, @@ -519,554 +515,357 @@ pub struct ClusterComponentSpecsInstancesResourcesClaims { pub name: String, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// Specifies the scheduling policy for the Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +pub struct ClusterComponentSpecsInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, } +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumeClaimTemplates { - /// Refers to the name of a volumeMount defined in either: - /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) - /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. - pub name: String, - /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. - /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, } -/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. -/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +/// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpec { - /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// Defines what type of volume is required by the claim, either Block or Filesystem. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, } -/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// A node selector term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// VolumeMount describes a mounting of a Volume within a container. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. - #[serde(rename = "mountPath")] - pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] - pub mount_propagation: Option, - /// This must match the Name of a Volume. - pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] - pub sub_path_expr: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// Volume represents a named volume in a pod that may be accessed by any container in the pod. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumes { - /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] - pub aws_elastic_block_store: Option, - /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] - pub azure_disk: Option, - /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] - pub azure_file: Option, - /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cephfs: Option, - /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cinder: Option, - /// configMap represents a configMap that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub csi: Option, - /// downwardAPI represents downward API about the pod that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, - /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] - pub empty_dir: Option, - /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ephemeral: Option, - /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub fc: Option, - /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] - pub flex_volume: Option, - /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flocker: Option, - /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] - pub gce_persistent_disk: Option, - /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] - pub git_repo: Option, - /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub glusterfs: Option, - /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] - pub host_path: Option, - /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub iscsi: Option, - /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - pub name: String, - /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - #[serde(default, skip_serializing_if = "Option::is_none")] - pub nfs: Option, - /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] - pub persistent_volume_claim: Option, - /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] - pub photon_persistent_disk: Option, - /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] - pub portworx_volume: Option, - /// projected items for all in one resources secrets, configmaps, and downward API - #[serde(default, skip_serializing_if = "Option::is_none")] - pub projected: Option, - /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub quobyte: Option, - /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub rbd: Option, - /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] - pub scale_io: Option, - /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub storageos: Option, - /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] - pub vsphere_volume: Option, + pub values: Option>, } -/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesAwsElasticBlockStore { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, } -/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesAzureDisk { - /// cachingMode is the Host Caching mode: None, Read Only, Read Write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] - pub caching_mode: Option, - /// diskName is the Name of the data disk in the blob storage - #[serde(rename = "diskName")] - pub disk_name: String, - /// diskURI is the URI of data disk in the blob storage - #[serde(rename = "diskURI")] - pub disk_uri: String, - /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesAzureFile { - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretName is the name of secret that contains Azure Storage Account Name and Key - #[serde(rename = "secretName")] - pub secret_name: String, - /// shareName is the azure share Name - #[serde(rename = "shareName")] - pub share_name: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCephfs { - /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - pub monitors: Vec, - /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] - pub secret_file: Option, - /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, + pub values: Option>, } -/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCephfsSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCinder { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCinderSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// configMap represents a configMap that should populate this volume +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Maps a string key to a path within a volume. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesConfigMapItems { - /// key is the key to project. +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, + pub values: Option>, } -/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCsi { - /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - pub driver: String, - /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] - pub node_publish_secret_ref: Option, - /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] - pub volume_attributes: Option>, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesCsiNodePublishSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub values: Option>, } -/// downwardAPI represents downward API about the pod that should populate this volume +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesDownwardApi { - /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// Items is a list of downward API volume file +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// DownwardAPIVolumeFile represents information to create the file containing the pod field +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - pub path: String, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItemsFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, - /// Path of the field to select in the specified API version. - #[serde(rename = "fieldPath")] - pub field_path: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItemsResourceFieldRef { - /// Container name: required for volumes, optional for env vars - #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] - pub container_name: Option, - /// Specifies the output format of the exposed resources, defaults to "1" - #[serde(default, skip_serializing_if = "Option::is_none")] - pub divisor: Option, - /// Required: resource to select - pub resource: String, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEmptyDir { - /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub medium: Option, - /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] - pub size_limit: Option, + pub values: Option>, } -/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. -/// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). -/// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. -/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. -/// A pod can use both types of ephemeral volumes and persistent volumes at the same time. +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeral { - /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - /// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - /// Required, must not be nil. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] - pub volume_claim_template: Option, -} - -/// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). -/// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. -/// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. -/// Required, must not be nil. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplate { - /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub metadata: Option, - /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - pub spec: ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateMetadata { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub finalizers: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec { - /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] - pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] - pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// selector is a label query over volumes to consider for binding. +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, - /// volumeName is the binding reference to the PersistentVolume backing this claim. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, -} - -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind is the type of resource being referenced - pub kind: String, - /// Name is the name of resource being referenced - pub name: String, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind is the type of resource being referenced - pub kind: String, - /// Name is the name of resource being referenced - pub name: String, - /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, -} - -/// ResourceClaim references one entry in PodSpec.ResourceClaims. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, + pub values: Option>, } -/// selector is a label query over volumes to consider for binding. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -1074,7 +873,7 @@ pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -1084,253 +883,448 @@ pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec pub values: Option>, } -/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesFc { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// lun is Optional: FC target lun number - #[serde(default, skip_serializing_if = "Option::is_none")] - pub lun: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// targetWWNs is Optional: FC target worldwide names (WWNs) - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] - pub target_ww_ns: Option>, - /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub wwids: Option>, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesFlexVolume { - /// driver is the name of the driver to use for this volume. - pub driver: String, - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// options is Optional: this field holds extra command options if any. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub options: Option>, - /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesFlexVolumeSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub values: Option>, } -/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesFlocker { - /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] - pub dataset_name: Option, - /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] - pub dataset_uuid: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesGcePersistentDisk { - /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +pub struct ClusterComponentSpecsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(rename = "pdName")] - pub pd_name: String, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, + pub values: Option>, } -/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesGitRepo { - /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. +pub struct ClusterComponentSpecsInstancesSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] - pub directory: Option, - /// repository is the URL - pub repository: String, - /// revision is the commit hash for the specified revision. + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] - pub revision: Option, + pub key: Option, + /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } -/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesGlusterfs { - /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - pub endpoints: String, - /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - pub path: String, - /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, } -/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesHostPath { - /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - pub path: String, - /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, +pub struct ClusterComponentSpecsInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesIscsi { - /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] - pub chap_auth_discovery: Option, - /// chapAuthSession defines whether support iSCSI Session CHAP authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] - pub chap_auth_session: Option, - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] - pub initiator_name: Option, - /// iqn is the target iSCSI Qualified Name. - pub iqn: String, - /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] - pub iscsi_interface: Option, - /// lun represents iSCSI Target Lun number. - pub lun: i32, - /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). +pub struct ClusterComponentSpecsInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub portals: Option>, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is the CHAP Secret for iSCSI target and initiator authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - #[serde(rename = "targetPortal")] - pub target_portal: String, + pub values: Option>, } -/// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesIscsiSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterComponentSpecsInstancesVolumeClaimTemplates { + /// Refers to the name of a volumeMount defined in either: + /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + pub name: String, + /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. + /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub spec: Option, } -/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. +/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesNfs { - /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - pub path: String, - /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - pub server: String, +pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpec { + /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// Defines what type of volume is required by the claim, either Block or Filesystem. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, } -/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesPersistentVolumeClaim { - /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - #[serde(rename = "claimName")] - pub claim_name: String, - /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesPhotonPersistentDisk { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// pdID is the ID that identifies Photon Controller persistent disk - #[serde(rename = "pdID")] - pub pd_id: String, +pub struct ClusterComponentSpecsInstancesVolumeClaimTemplatesSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, } -/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesPortworxVolume { - /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +pub struct ClusterComponentSpecsInstancesVolumeMounts { + /// Path within the container at which the volume should be mounted. Must not contain ':'. + #[serde(rename = "mountPath")] + pub mount_path: String, + /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + /// This must match the Name of a Volume. + pub name: String, + /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// volumeID uniquely identifies a Portworx volume - #[serde(rename = "volumeID")] - pub volume_id: String, + /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, } -/// projected items for all in one resources secrets, configmaps, and downward API +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjected { - /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// sources is the list of volume projections +pub struct ClusterComponentSpecsInstancesVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] - pub sources: Option>, -} - -/// Projection that may be projected along with other supported volume types -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSources { - /// configMap information about the configMap data to project + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cinder: Option, + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// downwardAPI information about the downwardAPI data to project + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, - /// secret information about the secret data to project + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - /// serviceAccountToken is information about the serviceAccountToken data to project - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] - pub service_account_token: Option, -} - -/// configMap information about the configMap data to project -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesConfigMap { - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + pub fc: Option, + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iscsi: Option, + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API + #[serde(default, skip_serializing_if = "Option::is_none")] + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, +} + +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, +} + +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesCephfsSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesCinder { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesCinderSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// configMap represents a configMap that should populate this volume +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesConfigMapItems { +pub struct ClusterComponentSpecsInstancesVolumesConfigMapItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -1340,20 +1334,50 @@ pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesConfigMapItems { pub path: String, } -/// downwardAPI information about the downwardAPI data to project +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApi { - /// Items is a list of DownwardAPIVolume file +pub struct ClusterComponentSpecsInstancesVolumesCsi { + /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + pub driver: String, + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] + pub node_publish_secret_ref: Option, + /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] + pub volume_attributes: Option>, +} + +/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesCsiNodePublishSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub name: Option, +} + +/// downwardAPI represents downward API about the pod that should populate this volume +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesDownwardApi { + /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// Items is a list of downward API volume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, } /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItems { +pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItems { /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, + pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -1361,12 +1385,12 @@ pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItems pub path: String, /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, + pub resource_field_ref: Option, } /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { +pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, @@ -1377,7 +1401,7 @@ pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItems /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { +pub struct ClusterComponentSpecsInstancesVolumesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] pub container_name: Option, @@ -1388,1257 +1412,1037 @@ pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItems pub resource: String, } -/// secret information about the secret data to project +/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesSecret { - /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional field specify whether the Secret or its key must be defined +pub struct ClusterComponentSpecsInstancesVolumesEmptyDir { + /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub medium: Option, + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, } -/// Maps a string key to a path within a volume. +/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. +/// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). +/// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. +/// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesSecretItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, +pub struct ClusterComponentSpecsInstancesVolumesEphemeral { + /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + /// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + /// Required, must not be nil. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] + pub volume_claim_template: Option, } -/// serviceAccountToken is information about the serviceAccountToken data to project +/// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). +/// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. +/// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. +/// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesServiceAccountToken { - /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplate { + /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub audience: Option, - /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] - pub expiration_seconds: Option, - /// path is the path relative to the mount point of the file to project the token into. - pub path: String, + pub metadata: Option, + /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + pub spec: ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec, } -/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesQuobyte { - /// group to map volume access to Default is no group +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateMetadata { #[serde(default, skip_serializing_if = "Option::is_none")] - pub group: Option, - /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - pub registry: String, - /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + pub annotations: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] - pub tenant: Option, - /// user to map volume access to Defaults to serivceaccount user + pub finalizers: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, - /// volume is a string that references an already created Quobyte volume by name. - pub volume: String, + pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } -/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesRbd { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - pub image: String, - /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpec { + /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] - pub keyring: Option, - /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - pub monitors: Vec, - /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub resources: Option, + /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] - pub pool: Option, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, +} + +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { + /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, + pub namespace: Option, } -/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesRbdSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesScaleIo { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// gateway is the host address of the ScaleIO API Gateway. - pub gateway: String, - /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] - pub protection_domain: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - #[serde(rename = "secretRef")] - pub secret_ref: ClusterComponentSpecsInstancesVolumesScaleIoSecretRef, - /// sslEnabled Flag enable/disable SSL communication with Gateway, default false - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] - pub ssl_enabled: Option, - /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] - pub storage_mode: Option, - /// storagePool is the ScaleIO Storage Pool associated with the protection domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] - pub storage_pool: Option, - /// system is the name of the storage system as configured in ScaleIO. - pub system: String, - /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, } -/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesScaleIoSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesSecret { - /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// optional field specify whether the Secret or its keys must be defined +pub struct ClusterComponentSpecsInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, - /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] - pub secret_name: Option, + pub values: Option>, } -/// Maps a string key to a path within a volume. +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesSecretItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +pub struct ClusterComponentSpecsInstancesVolumesFc { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, + pub lun: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// targetWWNs is Optional: FC target worldwide names (WWNs) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] + pub target_ww_ns: Option>, + /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wwids: Option>, } -/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesStorageos { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +pub struct ClusterComponentSpecsInstancesVolumesFlexVolume { + /// driver is the name of the driver to use for this volume. + pub driver: String, + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// options is Optional: this field holds extra command options if any. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, - /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] - pub volume_namespace: Option, + pub secret_ref: Option, } -/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesStorageosSecretRef { +pub struct ClusterComponentSpecsInstancesVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsInstancesVolumesVsphereVolume { - /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] - pub storage_policy_id: Option, - /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] - pub storage_policy_name: Option, - /// volumePath is the path that identifies vSphere volume vmdk - #[serde(rename = "volumePath")] - pub volume_path: String, +pub struct ClusterComponentSpecsInstancesVolumesFlocker { + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] + pub dataset_name: Option, + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] + pub dataset_uuid: Option, } -/// Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. +/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsIssuer { - /// The issuer for TLS certificates. It only allows two enum values: `KubeBlocks` and `UserProvided`. - /// - `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used. - `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key. In this case, the user-provided CA certificate, server certificate, and private key will be used for TLS communication. - pub name: String, - /// SecretRef is the reference to the secret that contains user-provided certificates. It is required when the issuer is set to `UserProvided`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, +pub struct ClusterComponentSpecsInstancesVolumesGcePersistentDisk { + /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(rename = "pdName")] + pub pd_name: String, + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// SecretRef is the reference to the secret that contains user-provided certificates. It is required when the issuer is set to `UserProvided`. +/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsIssuerSecretRef { - /// Key of CA cert in Secret - pub ca: String, - /// Key of Cert in Secret - pub cert: String, - /// Key of TLS private key in Secret - pub key: String, - /// Name of the Secret that contains user-provided certificates. - pub name: String, +pub struct ClusterComponentSpecsInstancesVolumesGitRepo { + /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub directory: Option, + /// repository is the URL + pub repository: String, + /// revision is the commit hash for the specified revision. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub revision: Option, } -/// Specifies the resources required by the Component. It allows defining the CPU, memory requirements and limits for the Component's containers. +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, +pub struct ClusterComponentSpecsInstancesVolumesGlusterfs { + /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub endpoints: String, + /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub path: String, + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, +pub struct ClusterComponentSpecsInstancesVolumesHostPath { + /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + pub path: String, + /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// Specifies the scheduling policy for the Component. +/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicy { - /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +pub struct ClusterComponentSpecsInstancesVolumesIscsi { + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] + pub chap_auth_discovery: Option, + /// chapAuthSession defines whether support iSCSI Session CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] + pub chap_auth_session: Option, + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] + pub initiator_name: Option, + /// iqn is the target iSCSI Qualified Name. + pub iqn: String, + /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] + pub iscsi_interface: Option, + /// lun represents iSCSI Target Lun number. + pub lun: i32, + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] - pub scheduler_name: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + pub portals: Option>, + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + #[serde(rename = "targetPortal")] + pub target_portal: String, +} + +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsInstancesVolumesIscsiSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] - pub topology_spread_constraints: Option>, + pub name: Option, } -/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinity { - /// Describes node affinity scheduling rules for the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] - pub node_affinity: Option, - /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] - pub pod_affinity: Option, - /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, +pub struct ClusterComponentSpecsInstancesVolumesNfs { + /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub path: String, + /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub server: String, } -/// Describes node affinity scheduling rules for the pod. +/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option, +pub struct ClusterComponentSpecsInstancesVolumesPersistentVolumeClaim { + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(rename = "claimName")] + pub claim_name: String, + /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// A node selector term, associated with the corresponding weight. - pub preference: ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, - /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - pub weight: i32, +pub struct ClusterComponentSpecsInstancesVolumesPhotonPersistentDisk { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// pdID is the ID that identifies Photon Controller persistent disk + #[serde(rename = "pdID")] + pub pd_id: String, } -/// A node selector term, associated with the corresponding weight. +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, +pub struct ClusterComponentSpecsInstancesVolumesPortworxVolume { + /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID uniquely identifies a Portworx volume + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesProjected { + /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub sources: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesProjectedSources { + /// configMap information about the configMap data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// downwardAPI information about the downwardAPI data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub secret: Option, + /// serviceAccountToken is information about the serviceAccountToken data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// Required. A list of node selector terms. The terms are ORed. - #[serde(rename = "nodeSelectorTerms")] - pub node_selector_terms: Vec, -} - -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesConfigMap { + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub items: Option>, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { - /// The label key that the selector applies to. +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesConfigMapItems { + /// key is the key to project. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, } -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - pub weight: i32, +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApi { + /// Items is a list of DownwardAPIVolume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// A label query over a set of resources, in this case pods. +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesSecret { + /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional field specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesSecretItems { + /// key is the key to project. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsInstancesVolumesProjectedSourcesServiceAccountToken { + /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub audience: Option, + /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + /// path is the path relative to the mount point of the file to project the token into. + pub path: String, } -/// A label query over a set of resources, in this case pods. +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesQuobyte { + /// group to map volume access to Default is no group + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + pub registry: String, + /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenant: Option, + /// user to map volume access to Defaults to serivceaccount user + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, + /// volume is a string that references an already created Quobyte volume by name. + pub volume: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesRbd { + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub image: String, + /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub keyring: Option, + /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub monitors: Vec, + /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pool: Option, + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesRbdSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, -} - -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - pub weight: i32, +pub struct ClusterComponentSpecsInstancesVolumesScaleIo { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// gateway is the host address of the ScaleIO API Gateway. + pub gateway: String, + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] + pub protection_domain: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + #[serde(rename = "secretRef")] + pub secret_ref: ClusterComponentSpecsInstancesVolumesScaleIoSecretRef, + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] + pub ssl_enabled: Option, + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] + pub storage_mode: Option, + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] + pub storage_pool: Option, + /// system is the name of the storage system as configured in ScaleIO. + pub system: String, + /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsInstancesVolumesScaleIoSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub name: Option, } -/// A label query over a set of resources, in this case pods. +/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesSecret { + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// optional field specify whether the Secret or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterComponentSpecsInstancesVolumesSecretItems { + /// key is the key to project. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsInstancesVolumesStorageos { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, + /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] + pub volume_namespace: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsInstancesVolumesStorageosSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub name: Option, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, +pub struct ClusterComponentSpecsInstancesVolumesVsphereVolume { + /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] + pub storage_policy_id: Option, + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] + pub storage_policy_name: Option, + /// volumePath is the path that identifies vSphere volume vmdk + #[serde(rename = "volumePath")] + pub volume_path: String, } -/// A label query over a set of resources, in this case pods. +/// Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsIssuer { + /// The issuer for TLS certificates. It only allows two enum values: `KubeBlocks` and `UserProvided`. + /// - `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used. - `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key. In this case, the user-provided CA certificate, server certificate, and private key will be used for TLS communication. + pub name: String, + /// SecretRef is the reference to the secret that contains user-provided certificates. It is required when the issuer is set to `UserProvided`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// SecretRef is the reference to the secret that contains user-provided certificates. It is required when the issuer is set to `UserProvided`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterComponentSpecsIssuerSecretRef { + /// Key of CA cert in Secret + pub ca: String, + /// Key of Cert in Secret + pub cert: String, + /// Key of TLS private key in Secret pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + /// Name of the Secret that contains user-provided certificates. + pub name: String, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// Specifies the resources required by the Component. It allows defining the CPU, memory requirements and limits for the Component's containers. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterComponentSpecsResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// Specifies the scheduling policy for the Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +pub struct ClusterComponentSpecsSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, } -/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] - pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. - #[serde(rename = "maxSkew")] - pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] - pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] - pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] - pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. - #[serde(rename = "topologyKey")] - pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. - #[serde(rename = "whenUnsatisfiable")] - pub when_unsatisfiable: String, +pub struct ClusterComponentSpecsSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, } -/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +/// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraintsLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsServiceRefs { - /// Specifies the name of the KubeBlocks Cluster being referenced. This is used when services from another KubeBlocks Cluster are consumed. - /// By default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential` will be utilized to bind to the current Component. This credential should include: `endpoint`, `port`, `username`, and `password`. - /// Note: - /// - The `ServiceKind` and `ServiceVersion` specified in the service reference within the ClusterDefinition are not validated when using this approach. - If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence. - /// Deprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated, use `clusterServiceSelector` instead. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// References a service provided by another KubeBlocks Cluster. It specifies the ClusterService and the account credentials needed for access. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterServiceSelector")] - pub cluster_service_selector: Option, - /// Specifies the identifier of the service reference declaration. It corresponds to the serviceRefDeclaration name defined in either: - /// - `componentDefinition.spec.serviceRefDeclarations[*].name` - `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated) - pub name: String, - /// Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current Cluster by default. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - /// Specifies the name of the ServiceDescriptor object that describes a service provided by external sources. - /// When referencing a service provided by external sources, a ServiceDescriptor object is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion declared in the definition. - /// If both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDescriptor")] - pub service_descriptor: Option, + pub values: Option>, } -/// References a service provided by another KubeBlocks Cluster. It specifies the ClusterService and the account credentials needed for access. +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsServiceRefsClusterServiceSelector { - /// The name of the Cluster being referenced. - pub cluster: String, - /// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` of the Component providing the service in the referenced Cluster. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub credential: Option, - /// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub service: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, } -/// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` of the Component providing the service in the referenced Cluster. +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsServiceRefsClusterServiceSelectorCredential { - /// The name of the Component where the credential resides in. - pub component: String, - /// The name of the credential (SystemAccount) to reference. - pub name: String, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsServiceRefsClusterServiceSelectorService { - /// The name of the Component where the Service resides in. - /// It is required when referencing a Component's Service. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub component: Option, - /// The port name of the Service to be referenced. - /// If there is a non-zero node-port exist for the matched Service port, the node-port will be selected first. - /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2... +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// The name of the Service to be referenced. - /// Leave it empty to reference the default Service. Set it to "headless" to reference the default headless Service. - /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, and the resolved value will be presented in the following format: service1.name,service2.name... - pub service: String, + pub values: Option>, } +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsServices { - /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// References the ComponentService name defined in the `componentDefinition.spec.services[*].name`. - pub name: String, - /// Indicates whether to generate individual Services for each Pod. If set to true, a separate Service will be created for each Pod in the Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podService")] - pub pod_service: Option, - /// Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. - /// - `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the ClusterIP. - /// Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService. - /// For more info, see: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] - pub service_type: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterComponentSpecsServicesServiceType { - #[serde(rename = "ClusterIP")] - ClusterIp, - NodePort, - LoadBalancer, + pub values: Option>, } -/// Defines the strategy for switchover and failover when workloadType is Replication. -/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsSwitchPolicy { - /// Type specifies the type of switch policy to be applied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// Defines the strategy for switchover and failover when workloadType is Replication. -/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterComponentSpecsSwitchPolicyType { - Noop, +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, -} - -/// ClusterComponentSpec defines the specification of a Component within a Cluster. TODO +kubebuilder:validation:XValidation:rule="!has(oldSelf.componentDefRef) || has(self.componentDefRef)", message="componentDefRef is required once set" TODO +kubebuilder:validation:XValidation:rule="!has(oldSelf.componentDef) || has(self.componentDef)", message="componentDef is required once set" -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterComponentSpecsUpdateStrategy { - Serial, - BestEffortParallel, - Parallel, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes in the Cluster's Pods. This is useful in scenarios where users need to provide additional resources to the Cluster, such as: -/// - Mounting custom scripts or configuration files during Cluster startup. - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefs { - /// ConfigMapRefs defines the user-defined ConfigMaps. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRefs")] - pub config_map_refs: Option>, - /// SecretRefs defines the user-defined Secrets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRefs")] - pub secret_refs: Option>, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// ConfigMapRef defines a reference to a ConfigMap. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefs { - /// AsVolumeFrom lists the names of containers in which the volume should be mounted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] - pub as_volume_from: Option>, - /// ConfigMap specifies the ConfigMap to be mounted as a volume. - #[serde(rename = "configMap")] - pub config_map: ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMap, - /// MountPoint is the filesystem path where the volume will be mounted. - #[serde(rename = "mountPoint")] - pub mount_point: String, - /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. - pub name: String, - /// SubPath specifies a path within the volume from which to mount. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// ConfigMap specifies the ConfigMap to be mounted as a volume. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Maps a string key to a path within a volume. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMapItems { - /// key is the key to project. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, -} - -/// SecretRef defines a reference to a Secret. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsSecretRefs { - /// AsVolumeFrom lists the names of containers in which the volume should be mounted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] - pub as_volume_from: Option>, - /// MountPoint is the filesystem path where the volume will be mounted. - #[serde(rename = "mountPoint")] - pub mount_point: String, - /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. - pub name: String, - /// Secret specifies the Secret to be mounted as a volume. - pub secret: ClusterComponentSpecsUserResourceRefsSecretRefsSecret, - /// SubPath specifies a path within the volume from which to mount. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, + pub values: Option>, } -/// Secret specifies the Secret to be mounted as a volume. +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsSecretRefsSecret { - /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// optional field specify whether the Secret or its keys must be defined +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, - /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] - pub secret_name: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// Maps a string key to a path within a volume. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsUserResourceRefsSecretRefsSecretItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsVolumeClaimTemplates { - /// Refers to the name of a volumeMount defined in either: - /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) - /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. - pub name: String, - /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. - /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, + pub values: Option>, } -/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. -/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsVolumeClaimTemplatesSpec { - /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// Defines what type of volume is required by the claim, either Block or Filesystem. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsVolumeClaimTemplatesSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, + pub values: Option>, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterComponentSpecsVolumeClaimTemplatesSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// The configuration of network. -/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterNetwork { - /// Indicates whether the host network can be accessed. By default, this is set to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkAccessible")] - pub host_network_accessible: Option, - /// Indicates whether the network is accessible to the public. By default, this is set to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "publiclyAccessible")] - pub publicly_accessible: Option, +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified, this value will be ignored. -/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterResources { - /// Specifies the amount of CPU resource the Cluster needs. For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cpu: Option, - /// Specifies the amount of memory resource the Cluster needs. For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub memory: Option, -} - -/// Specifies the scheduling policy for the Cluster. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicy { - /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] - pub scheduler_name: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] - pub topology_spread_constraints: Option>, -} - -/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinity { - /// Describes node affinity scheduling rules for the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] - pub node_affinity: Option, - /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] - pub pod_affinity: Option, - /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, -} - -/// Describes node affinity scheduling rules for the pod. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option, -} - -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// A node selector term, associated with the corresponding weight. - pub preference: ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, - /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - pub weight: i32, -} - -/// A node selector term, associated with the corresponding weight. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// Required. A list of node selector terms. The terms are ORed. - #[serde(rename = "nodeSelectorTerms")] - pub node_selector_terms: Vec, -} - -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, -} - -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - pub weight: i32, -} - -/// Required. A pod affinity term, associated with the corresponding weight. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, + pub label_selector: Option, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, + pub namespace_selector: Option, /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, @@ -2649,10 +2453,10 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIg /// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -2660,7 +2464,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIg /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -2672,10 +2476,10 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIg /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -2683,7 +2487,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIg /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -2695,13 +2499,13 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIg /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, + pub label_selector: Option, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, + pub namespace_selector: Option, /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, @@ -2712,10 +2516,10 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgn /// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -2723,7 +2527,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgn /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -2735,10 +2539,10 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgn /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -2746,7 +2550,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgn /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { +pub struct ClusterComponentSpecsSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -2756,50 +2560,66 @@ pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgn pub values: Option>, } -/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, -} - -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - pub weight: i32, -} - -/// Required. A pod affinity term, associated with the corresponding weight. +/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } -/// A label query over a set of resources, in this case pods. +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { +pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraintsLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -2807,7 +2627,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringScheduli /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { +pub struct ClusterComponentSpecsSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -2817,95 +2637,170 @@ pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringScheduli pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsServiceRefs { + /// Specifies the name of the KubeBlocks Cluster being referenced. This is used when services from another KubeBlocks Cluster are consumed. + /// By default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential` will be utilized to bind to the current Component. This credential should include: `endpoint`, `port`, `username`, and `password`. + /// Note: + /// - The `ServiceKind` and `ServiceVersion` specified in the service reference within the ClusterDefinition are not validated when using this approach. - If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence. + /// Deprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated, use `clusterServiceSelector` instead. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// References a service provided by another KubeBlocks Cluster. It specifies the ClusterService and the account credentials needed for access. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterServiceSelector")] + pub cluster_service_selector: Option, + /// Specifies the identifier of the service reference declaration. It corresponds to the serviceRefDeclaration name defined in either: + /// - `componentDefinition.spec.serviceRefDeclarations[*].name` - `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated) + pub name: String, + /// Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current Cluster by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specifies the name of the ServiceDescriptor object that describes a service provided by external sources. + /// When referencing a service provided by external sources, a ServiceDescriptor object is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion declared in the definition. + /// If both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDescriptor")] + pub service_descriptor: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// References a service provided by another KubeBlocks Cluster. It specifies the ClusterService and the account credentials needed for access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsServiceRefsClusterServiceSelector { + /// The name of the Cluster being referenced. + pub cluster: String, + /// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` of the Component providing the service in the referenced Cluster. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub credential: Option, + /// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` of the Component providing the service in the referenced Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, +pub struct ClusterComponentSpecsServiceRefsClusterServiceSelectorCredential { + /// The name of the Component where the credential resides in. + pub component: String, + /// The name of the credential (SystemAccount) to reference. + pub name: String, } -/// A label query over a set of resources, in this case pods. +/// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsServiceRefsClusterServiceSelectorService { + /// The name of the Component where the Service resides in. + /// It is required when referencing a Component's Service. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub component: Option, + /// The port name of the Service to be referenced. + /// If there is a non-zero node-port exist for the matched Service port, the node-port will be selected first. + /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2... + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// The name of the Service to be referenced. + /// Leave it empty to reference the default Service. Set it to "headless" to reference the default headless Service. + /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, and the resolved value will be presented in the following format: service1.name,service2.name... + pub service: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsServices { + /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub annotations: Option>, + /// References the ComponentService name defined in the `componentDefinition.spec.services[*].name`. + pub name: String, + /// Indicates whether to generate individual Services for each Pod. If set to true, a separate Service will be created for each Pod in the Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podService")] + pub pod_service: Option, + /// Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. + /// - `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the ClusterIP. + /// Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService. + /// For more info, see: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterComponentSpecsServicesServiceType { + #[serde(rename = "ClusterIP")] + ClusterIp, + NodePort, + LoadBalancer, +} + +/// Defines the strategy for switchover and failover when workloadType is Replication. +/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsSwitchPolicy { + /// Type specifies the type of switch policy to be applied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// Defines the strategy for switchover and failover when workloadType is Replication. +/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterComponentSpecsSwitchPolicyType { + Noop, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsSystemAccounts { + /// The name of the system account. + pub name: String, + /// Specifies the policy for generating the account's password. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordConfig")] + pub password_config: Option, + /// Refers to the secret from which data will be copied to create the new account. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSystemAccountsPasswordConfig { + /// The length of the password. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub length: Option, + /// The case of the letters in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "letterCase")] + pub letter_case: Option, + /// The number of digits in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numDigits")] + pub num_digits: Option, + /// The number of symbols in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numSymbols")] + pub num_symbols: Option, + /// Seed to generate the account's password. Cannot be updated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub seed: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterComponentSpecsSystemAccountsPasswordConfigLetterCase { + LowerCases, + UpperCases, + MixedCases, +} + +/// Refers to the secret from which data will be copied to create the new account. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsSystemAccountsSecretRef { + /// The unique identifier of the secret. + pub name: String, + /// The namespace where the secret is located. + pub namespace: String, } /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTolerations { +pub struct ClusterComponentSpecsTolerations { /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, @@ -2923,222 +2818,865 @@ pub struct ClusterSchedulingPolicyTolerations { pub value: Option, } -/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +/// ClusterComponentSpec defines the specification of a Component within a Cluster. TODO +kubebuilder:validation:XValidation:rule="!has(oldSelf.componentDefRef) || has(self.componentDefRef)", message="componentDefRef is required once set" TODO +kubebuilder:validation:XValidation:rule="!has(oldSelf.componentDef) || has(self.componentDef)", message="componentDef is required once set" +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterComponentSpecsUpdateStrategy { + Serial, + BestEffortParallel, + Parallel, +} + +/// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes in the Cluster's Pods. This is useful in scenarios where users need to provide additional resources to the Cluster, such as: +/// - Mounting custom scripts or configuration files during Cluster startup. - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] - pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. - #[serde(rename = "maxSkew")] - pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] - pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] - pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] - pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. - #[serde(rename = "topologyKey")] - pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. - #[serde(rename = "whenUnsatisfiable")] - pub when_unsatisfiable: String, +pub struct ClusterComponentSpecsUserResourceRefs { + /// ConfigMapRefs defines the user-defined ConfigMaps. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRefs")] + pub config_map_refs: Option>, + /// SecretRefs defines the user-defined Secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRefs")] + pub secret_refs: Option>, } -/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +/// ConfigMapRef defines a reference to a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefs { + /// AsVolumeFrom lists the names of containers in which the volume should be mounted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] + pub as_volume_from: Option>, + /// ConfigMap specifies the ConfigMap to be mounted as a volume. + #[serde(rename = "configMap")] + pub config_map: ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMap, + /// MountPoint is the filesystem path where the volume will be mounted. + #[serde(rename = "mountPoint")] + pub mount_point: String, + /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. + pub name: String, + /// SubPath specifies a path within the volume from which to mount. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// ConfigMap specifies the ConfigMap to be mounted as a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub items: Option>, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it. For example, external applications, or other Clusters. And another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService using the `serviceRef` field. -/// When a Component needs to access another Cluster's ClusterService using the `serviceRef` field, it must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations` section. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServices { - /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. +pub struct ClusterComponentSpecsUserResourceRefsConfigMapRefsConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service. Note that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentSelector")] - pub component_selector: Option, - /// Name defines the name of the service. otherwise, it indicates the name of the service. Others can refer to this service by its name. (e.g., connection credential) Cannot be updated. + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// SecretRef defines a reference to a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsUserResourceRefsSecretRefs { + /// AsVolumeFrom lists the names of containers in which the volume should be mounted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] + pub as_volume_from: Option>, + /// MountPoint is the filesystem path where the volume will be mounted. + #[serde(rename = "mountPoint")] + pub mount_point: String, + /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. pub name: String, - /// Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service. When `roleSelector` is set, it adds a label selector "kubeblocks.io/role: {roleSelector}" to the `serviceSpec.selector`. Example usage: - /// roleSelector: "leader" - /// In this example, setting `roleSelector` to "leader" will add a label selector "kubeblocks.io/role: leader" to the `serviceSpec.selector`. This means that the service will select and route traffic to Pods with the label "kubeblocks.io/role" set to "leader". - /// Note that if `podService` sets to true, RoleSelector will be ignored. The `podService` flag takes precedence over `roleSelector` and generates a service for each Pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleSelector")] - pub role_selector: Option, - /// ServiceName defines the name of the underlying service object. If not specified, the default service name with different patterns will be used: - /// - CLUSTER_NAME: for cluster-level services - CLUSTER_NAME-COMPONENT_NAME: for component-level services - /// Only one default service name is allowed. Cannot be updated. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] - pub service_name: Option, - /// Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in `cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service. Note that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "shardingSelector")] - pub sharding_selector: Option, - /// Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, + /// Secret specifies the Secret to be mounted as a volume. + pub secret: ClusterComponentSpecsUserResourceRefsSecretRefsSecret, + /// SubPath specifies a path within the volume from which to mount. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, } -/// Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +/// Secret specifies the Secret to be mounted as a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpec { - /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] - pub allocate_load_balancer_node_ports: Option, - /// clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] - pub cluster_ip: Option, - /// ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - /// This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] - pub cluster_i_ps: Option>, - /// externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] - pub external_i_ps: Option>, - /// externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] - pub external_name: Option, - /// externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] - pub external_traffic_policy: Option, - /// healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] - pub health_check_node_port: Option, - /// InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] - pub internal_traffic_policy: Option, - /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. - /// This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] - pub ip_families: Option>, - /// IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] - pub ip_family_policy: Option, - /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] - pub load_balancer_class: Option, - /// Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] - pub load_balancer_ip: Option, - /// If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] - pub load_balancer_source_ranges: Option>, - /// The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +pub struct ClusterComponentSpecsUserResourceRefsSecretRefsSecret { + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ports: Option>, - /// publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "publishNotReadyAddresses")] - pub publish_not_ready_addresses: Option, - /// Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ + pub items: Option>, + /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option>, - /// Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] - pub session_affinity: Option, - /// sessionAffinityConfig contains the configurations of session affinity. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] - pub session_affinity_config: Option, - /// type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, + pub optional: Option, + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, } -/// ServicePort contains information on service's port. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecPorts { - /// The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - /// * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - /// * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - /// * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] - pub app_protocol: Option, - /// The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePort")] - pub node_port: Option, - /// The port that will be exposed by this service. - pub port: i32, - /// The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. +pub struct ClusterComponentSpecsUserResourceRefsSecretRefsSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub protocol: Option, - /// Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] - pub target_port: Option, + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, } -/// sessionAffinityConfig contains the configurations of session affinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecSessionAffinityConfig { - /// clientIP contains the configurations of Client IP based session affinity. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientIP")] - pub client_ip: Option, +pub struct ClusterComponentSpecsVolumeClaimTemplates { + /// Refers to the name of a volumeMount defined in either: + /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + pub name: String, + /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. + /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, } -/// clientIP contains the configurations of Client IP based session affinity. +/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. +/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecSessionAffinityConfigClientIp { - /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] - pub timeout_seconds: Option, +pub struct ClusterComponentSpecsVolumeClaimTemplatesSpec { + /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// Defines what type of volume is required by the claim, either Block or Filesystem. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, } -/// ShardingSpec defines how KubeBlocks manage dynamic provisioned shards. A typical design pattern for distributed databases is to distribute data across multiple shards, with each shard consisting of multiple replicas. Therefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components using a template when shards are added. When shards are removed, the corresponding Components are also deleted. +/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecs { - /// Represents the common parent part of all shard names. This identifier is included as part of the Service DNS name and must comply with IANA service naming rules. It is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`. ShardID is a random string that is appended to the Name to generate unique identifiers for each shard. For example, if the sharding specification name is "my-shard" and the ShardID is "abc", the resulting Component name would be "my-shard-abc". - /// Note that the name defined in Component template(`shardingSpec.template.name`) will be disregarded when generating the Component names of the shards. The `shardingSpec.name` field takes precedence. - pub name: String, - /// Specifies the desired number of shards. Users can declare the desired number of shards through this field. KubeBlocks dynamically creates and deletes Components based on the difference between the desired and actual number of shards. KubeBlocks provides lifecycle management for sharding, including: - /// - Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases. This allows for custom actions to be performed after a new shard is provisioned. - Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases. This enables custom cleanup or data migration tasks to be executed before a shard is terminated. Resources and data associated with the corresponding Component will also be deleted. +pub struct ClusterComponentSpecsVolumeClaimTemplatesSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub shards: Option, - /// The template for generating Components for shards, where each shard consists of one Component. This field is of type ClusterComponentSpec, which encapsulates all the required details and definitions for creating and managing the Components. KubeBlocks uses this template to generate a set of identical Components or shards. All the generated Components will have the same specifications and definitions as specified in the `template` field. - /// This allows for the creation of multiple Components with consistent configurations, enabling sharding and distribution of workloads across Components. - pub template: ClusterShardingSpecsTemplate, + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// The template for generating Components for shards, where each shard consists of one Component. This field is of type ClusterComponentSpec, which encapsulates all the required details and definitions for creating and managing the Components. KubeBlocks uses this template to generate a set of identical Components or shards. All the generated Components will have the same specifications and definitions as specified in the `template` field. -/// This allows for the creation of multiple Components with consistent configurations, enabling sharding and distribution of workloads across Components. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplate { - /// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. - /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, +pub struct ClusterComponentSpecsVolumeClaimTemplatesSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + +/// The configuration of network. +/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterNetwork { + /// Indicates whether the host network can be accessed. By default, this is set to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkAccessible")] + pub host_network_accessible: Option, + /// Indicates whether the network is accessible to the public. By default, this is set to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "publiclyAccessible")] + pub publicly_accessible: Option, +} + +/// Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified, this value will be ignored. +/// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterResources { + /// Specifies the amount of CPU resource the Cluster needs. For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cpu: Option, + /// Specifies the amount of memory resource the Cluster needs. For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub memory: Option, +} + +/// Specifies the scheduling policy for the Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it. For example, external applications, or other Clusters. And another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService using the `serviceRef` field. +/// When a Component needs to access another Cluster's ClusterService using the `serviceRef` field, it must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations` section. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServices { + /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service. Note that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentSelector")] + pub component_selector: Option, + /// Name defines the name of the service. otherwise, it indicates the name of the service. Others can refer to this service by its name. (e.g., connection credential) Cannot be updated. + pub name: String, + /// Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service. When `roleSelector` is set, it adds a label selector "kubeblocks.io/role: {roleSelector}" to the `serviceSpec.selector`. Example usage: + /// roleSelector: "leader" + /// In this example, setting `roleSelector` to "leader" will add a label selector "kubeblocks.io/role: leader" to the `serviceSpec.selector`. This means that the service will select and route traffic to Pods with the label "kubeblocks.io/role" set to "leader". + /// Note that if `podService` sets to true, RoleSelector will be ignored. The `podService` flag takes precedence over `roleSelector` and generates a service for each Pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleSelector")] + pub role_selector: Option, + /// ServiceName defines the name of the underlying service object. If not specified, the default service name with different patterns will be used: + /// - CLUSTER_NAME: for cluster-level services - CLUSTER_NAME-COMPONENT_NAME: for component-level services + /// Only one default service name is allowed. Cannot be updated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] + pub service_name: Option, + /// Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in `cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service. Note that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "shardingSelector")] + pub sharding_selector: Option, + /// Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpec { + /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] + pub allocate_load_balancer_node_ports: Option, + /// clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] + pub cluster_ip: Option, + /// ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. + /// This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] + pub cluster_i_ps: Option>, + /// externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] + pub external_i_ps: Option>, + /// externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] + pub external_name: Option, + /// externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] + pub external_traffic_policy: Option, + /// healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] + pub health_check_node_port: Option, + /// InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] + pub internal_traffic_policy: Option, + /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + /// This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] + pub ip_families: Option>, + /// IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] + pub ip_family_policy: Option, + /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] + pub load_balancer_class: Option, + /// Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] + pub load_balancer_ip: Option, + /// If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] + pub load_balancer_source_ranges: Option>, + /// The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ports: Option>, + /// publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "publishNotReadyAddresses")] + pub publish_not_ready_addresses: Option, + /// Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option>, + /// Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] + pub session_affinity: Option, + /// sessionAffinityConfig contains the configurations of session affinity. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] + pub session_affinity_config: Option, + /// type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// ServicePort contains information on service's port. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecPorts { + /// The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: + /// * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). + /// * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + /// * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] + pub app_protocol: Option, + /// The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePort")] + pub node_port: Option, + /// The port that will be exposed by this service. + pub port: i32, + /// The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, + /// Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] + pub target_port: Option, +} + +/// sessionAffinityConfig contains the configurations of session affinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecSessionAffinityConfig { + /// clientIP contains the configurations of Client IP based session affinity. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientIP")] + pub client_ip: Option, +} + +/// clientIP contains the configurations of Client IP based session affinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecSessionAffinityConfigClientIp { + /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// ShardingSpec defines how KubeBlocks manage dynamic provisioned shards. A typical design pattern for distributed databases is to distribute data across multiple shards, with each shard consisting of multiple replicas. Therefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components using a template when shards are added. When shards are removed, the corresponding Components are also deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecs { + /// Represents the common parent part of all shard names. This identifier is included as part of the Service DNS name and must comply with IANA service naming rules. It is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`. ShardID is a random string that is appended to the Name to generate unique identifiers for each shard. For example, if the sharding specification name is "my-shard" and the ShardID is "abc", the resulting Component name would be "my-shard-abc". + /// Note that the name defined in Component template(`shardingSpec.template.name`) will be disregarded when generating the Component names of the shards. The `shardingSpec.name` field takes precedence. + pub name: String, + /// Specifies the desired number of shards. Users can declare the desired number of shards through this field. KubeBlocks dynamically creates and deletes Components based on the difference between the desired and actual number of shards. KubeBlocks provides lifecycle management for sharding, including: + /// - Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases. This allows for custom actions to be performed after a new shard is provisioned. - Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases. This enables custom cleanup or data migration tasks to be executed before a shard is terminated. Resources and data associated with the corresponding Component will also be deleted. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub shards: Option, + /// The template for generating Components for shards, where each shard consists of one Component. This field is of type ClusterComponentSpec, which encapsulates all the required details and definitions for creating and managing the Components. KubeBlocks uses this template to generate a set of identical Components or shards. All the generated Components will have the same specifications and definitions as specified in the `template` field. + /// This allows for the creation of multiple Components with consistent configurations, enabling sharding and distribution of workloads across Components. + pub template: ClusterShardingSpecsTemplate, +} + +/// The template for generating Components for shards, where each shard consists of one Component. This field is of type ClusterComponentSpec, which encapsulates all the required details and definitions for creating and managing the Components. KubeBlocks uses this template to generate a set of identical Components or shards. All the generated Components will have the same specifications and definitions as specified in the `template` field. +/// This allows for the creation of multiple Components with consistent configurations, enabling sharding and distribution of workloads across Components. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplate { + /// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. + /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, /// References the name of a ComponentDefinition object. The ComponentDefinition specifies the behavior and characteristics of the Component. If both `componentDefRef` and `componentDef` are provided, the `componentDef` will take precedence over `componentDefRef`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDef")] pub component_def: Option, @@ -3148,329 +3686,756 @@ pub struct ClusterShardingSpecsTemplate { #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefRef")] pub component_def_ref: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub configs: Option>, - /// Determines whether metrics exporter information is annotated on the Component's headless Service. - /// If set to true, the following annotations will not be patched into the Service: - /// - "monitor.kubeblocks.io/path" - "monitor.kubeblocks.io/port" - "monitor.kubeblocks.io/scheme" - /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableExporter")] - pub disable_exporter: Option, - /// Specifies which types of logs should be collected for the Component. The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. - /// The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with names "slow_query_log" and "error_log", you can enable the collection of these logs by including their names in the `enabledLogs` array: ```yaml enabledLogs: - slow_query_log - error_log ``` - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] - pub enabled_logs: Option>, - /// Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: - /// For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. - /// InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. - /// The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. + pub configs: Option>, + /// Determines whether metrics exporter information is annotated on the Component's headless Service. + /// If set to true, the following annotations will not be patched into the Service: + /// - "monitor.kubeblocks.io/path" - "monitor.kubeblocks.io/port" - "monitor.kubeblocks.io/scheme" + /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableExporter")] + pub disable_exporter: Option, + /// Specifies which types of logs should be collected for the Component. The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. + /// The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with names "slow_query_log" and "error_log", you can enable the collection of these logs by including their names in the `enabledLogs` array: ```yaml enabledLogs: - slow_query_log - error_log ``` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] + pub enabled_logs: Option>, + /// Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: + /// For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. + /// InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. + /// The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instances: Option>, + /// Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub issuer: Option, + /// Deprecated since v0.9 Determines whether metrics exporter information is annotated on the Component's headless Service. + /// If set to true, the following annotations will be patched into the Service: + /// - "monitor.kubeblocks.io/path" - "monitor.kubeblocks.io/port" - "monitor.kubeblocks.io/scheme" + /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub monitor: Option, + /// Specifies the Component's name. It's part of the Service DNS name and must comply with the IANA service naming rule. The name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`), but required otherwise. + /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="name is immutable" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specifies the names of instances to be transitioned to offline status. + /// Marking an instance as offline results in the following: + /// 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential future reuse or data recovery, but it is no longer actively used. 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique and avoiding conflicts with new instances. + /// Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining ordinal consistency within the Cluster. Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. The administrator must manually manage the cleanup and removal of these resources when they are no longer needed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstances")] + pub offline_instances: Option>, + /// Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing. + pub replicas: i32, + /// Specifies the resources required by the Component. It allows defining the CPU, memory requirements and limits for the Component's containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, + /// Specifies the name of the ServiceAccount required by the running Component. This ServiceAccount is used to grant necessary permissions for the Component's Pods to interact with other Kubernetes resources, such as modifying Pod labels or sending events. + /// Defaults: If not specified, KubeBlocks automatically assigns a default ServiceAccount named "kb-{cluster.name}", bound to a default role installed together with KubeBlocks. + /// Future Changes: Future versions might change the default ServiceAccount creation strategy to one per Component, potentially revising the naming to "kb-{cluster.name}-{component.name}". + /// Users can override the automatic ServiceAccount assignment by explicitly setting the name of an existed ServiceAccount in this field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] + pub service_account_name: Option, + /// Defines a list of ServiceRef for a Component, enabling access to both external services and Services provided by other Clusters. + /// Types of services: + /// - External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator; Require a ServiceDescriptor for connection details. - Services provided by a Cluster: Managed by the same KubeBlocks operator; identified using Cluster, Component and Service names. + /// ServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same. + /// Example: ```yaml serviceRefs: - name: "redis-sentinel" serviceDescriptor: name: "external-redis-sentinel" - name: "postgres-cluster" clusterServiceSelector: cluster: "my-postgres-cluster" service: component: "postgresql" ``` The example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceRefs")] + pub service_refs: Option>, + /// ServiceVersion specifies the version of the Service expected to be provisioned by this Component. The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). If no version is specified, the latest available version will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] + pub service_version: Option, + /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub services: Option>, + /// Defines the strategy for switchover and failover when workloadType is Replication. + /// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "switchPolicy")] + pub switch_policy: Option, + /// Overrides system accounts defined in referenced ComponentDefinition. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] + pub system_accounts: Option>, + /// A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. When set to true, the Component will be configured to use TLS encryption for its network connections. This ensures that the data transmitted between the Component and its clients or other Components is encrypted and protected from unauthorized access. If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, to properly set up the secure communication channel. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// Defines the update strategy for the Component. + /// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] + pub update_strategy: Option, + /// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes in the Cluster's Pods. This is useful in scenarios where users need to provide additional resources to the Cluster, such as: + /// - Mounting custom scripts or configuration files during Cluster startup. - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userResourceRefs")] + pub user_resource_refs: Option, + /// Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component. Each template specifies the desired characteristics of a persistent volume, such as storage class, size, and access modes. These templates are used to dynamically provision persistent volumes for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] + pub volume_claim_templates: Option>, +} + +/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateAffinity { + /// Indicates the node labels that must be present on nodes for pods to be scheduled on them. It is a map where the keys are the label keys and the values are the corresponding label values. Pods will only be scheduled on nodes that have all the specified labels with the corresponding values. + /// For example, if NodeLabels is set to {"nodeType": "ssd", "environment": "production"}, pods will only be scheduled on nodes that have both the "nodeType" label with value "ssd" and the "environment" label with value "production". + /// This field allows users to control Pod placement based on specific node labels. It can be used to ensure that Pods are scheduled on nodes with certain characteristics, such as specific hardware (e.g., SSD), environment (e.g., production, staging), or any other custom labels assigned to nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeLabels")] + pub node_labels: Option>, + /// Specifies the anti-affinity level of Pods within a Component. It determines how pods should be spread across nodes to improve availability and performance. It can have the following values: `Preferred` and `Required`. The default value is `Preferred`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, + /// Determines the level of resource isolation between Pods. It can have the following values: `SharedNode` and `DedicatedNode`. + /// - SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s. - DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node. In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node. Which provides a higher level of isolation and resource guarantee for Pods. + /// The default value is `SharedNode`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenancy: Option, + /// Represents the key of node labels used to define the topology domain for Pod anti-affinity and Pod spread constraints. + /// In K8s, a topology domain is a set of nodes that have the same value for a specific label key. Nodes with labels containing any of the specified TopologyKeys and identical values are considered to be in the same topology domain. + /// Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of topology in the ClusterDefinition. + /// When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the Pod on nodes with different values for the specified TopologyKeys. This ensures that Pods are spread across different topology domains, promoting high availability and reducing the impact of node failures. + /// Some well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`, are often used as TopologyKey. These keys represent the hostname and zone of a node, respectively. By including these keys in the TopologyKeys list, Pods will be spread across nodes with different hostnames or zones. + /// In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. This allows for more flexible and custom topology definitions based on the specific needs of the application or environment. + /// The TopologyKeys field is a slice of strings, where each string represents a label key. The order of the keys in the slice does not matter. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologyKeys")] + pub topology_keys: Option>, +} + +/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateAffinityPodAntiAffinity { + Preferred, + Required, +} + +/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateAffinityTenancy { + SharedNode, + DedicatedNode, +} + +/// ClusterComponentConfig represents a config with its source bound. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigs { + /// ConfigMap source for the config. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// The name of the config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ConfigMap source for the config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigsConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub instances: Option>, - /// Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub issuer: Option, - /// Deprecated since v0.9 Determines whether metrics exporter information is annotated on the Component's headless Service. - /// If set to true, the following annotations will be patched into the Service: - /// - "monitor.kubeblocks.io/path" - "monitor.kubeblocks.io/port" - "monitor.kubeblocks.io/scheme" - /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigsConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub monitor: Option, - /// Specifies the Component's name. It's part of the Service DNS name and must comply with the IANA service naming rule. The name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`), but required otherwise. - /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="name is immutable" + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// InstanceTemplate allows customization of individual replica configurations in a Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstances { + /// Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specifies the names of instances to be transitioned to offline status. - /// Marking an instance as offline results in the following: - /// 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential future reuse or data recovery, but it is no longer actively used. 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique and avoiding conflicts with new instances. - /// Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining ordinal consistency within the Cluster. Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. The administrator must manually manage the cleanup and removal of these resources when they are no longer needed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstances")] - pub offline_instances: Option>, - /// Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing. - pub replicas: i32, - /// Specifies the resources required by the Component. It allows defining the CPU, memory requirements and limits for the Component's containers. + pub annotations: Option>, + /// Defines Env to override. Add new or override existing envs. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, + pub env: Option>, + /// Specifies an override for the first container's image in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. + pub name: String, + /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replicas: Option, + /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, /// Specifies the scheduling policy for the Component. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] - pub scheduling_policy: Option, - /// Specifies the name of the ServiceAccount required by the running Component. This ServiceAccount is used to grant necessary permissions for the Component's Pods to interact with other Kubernetes resources, such as modifying Pod labels or sending events. - /// Defaults: If not specified, KubeBlocks automatically assigns a default ServiceAccount named "kb-{cluster.name}", bound to a default role installed together with KubeBlocks. - /// Future Changes: Future versions might change the default ServiceAccount creation strategy to one per Component, potentially revising the naming to "kb-{cluster.name}-{component.name}". - /// Users can override the automatic ServiceAccount assignment by explicitly setting the name of an existed ServiceAccount in this field. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] - pub service_account_name: Option, - /// Defines a list of ServiceRef for a Component, enabling access to both external services and Services provided by other Clusters. - /// Types of services: - /// - External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator; Require a ServiceDescriptor for connection details. - Services provided by a Cluster: Managed by the same KubeBlocks operator; identified using Cluster, Component and Service names. - /// ServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same. - /// Example: ```yaml serviceRefs: - name: "redis-sentinel" serviceDescriptor: name: "external-redis-sentinel" - name: "postgres-cluster" clusterServiceSelector: cluster: "my-postgres-cluster" service: component: "postgresql" ``` The example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceRefs")] - pub service_refs: Option>, - /// ServiceVersion specifies the version of the Service expected to be provisioned by this Component. The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). If no version is specified, the latest available version will be used. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] - pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + pub scheduling_policy: Option, + /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] + pub volume_claim_templates: Option>, + /// Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, + /// Defines Volumes to override. Add new or override existing volumes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub services: Option>, - /// Defines the strategy for switchover and failover when workloadType is Replication. - /// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "switchPolicy")] - pub switch_policy: Option, - /// A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. When set to true, the Component will be configured to use TLS encryption for its network connections. This ensures that the data transmitted between the Component and its clients or other Components is encrypted and protected from unauthorized access. If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, to properly set up the secure communication channel. + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tls: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. - /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// Defines the update strategy for the Component. - /// Deprecated since v0.9. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] - pub update_strategy: Option, - /// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes in the Cluster's Pods. This is useful in scenarios where users need to provide additional resources to the Cluster, such as: - /// - Mounting custom scripts or configuration files during Cluster startup. - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "userResourceRefs")] - pub user_resource_refs: Option, - /// Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component. Each template specifies the desired characteristics of a persistent volume, such as storage class, size, and access modes. These templates are used to dynamically provision persistent volumes for the Component. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] - pub volume_claim_templates: Option>, + pub values: Option>, } -/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateAffinity { - /// Indicates the node labels that must be present on nodes for pods to be scheduled on them. It is a map where the keys are the label keys and the values are the corresponding label values. Pods will only be scheduled on nodes that have all the specified labels with the corresponding values. - /// For example, if NodeLabels is set to {"nodeType": "ssd", "environment": "production"}, pods will only be scheduled on nodes that have both the "nodeType" label with value "ssd" and the "environment" label with value "production". - /// This field allows users to control Pod placement based on specific node labels. It can be used to ensure that Pods are scheduled on nodes with certain characteristics, such as specific hardware (e.g., SSD), environment (e.g., production, staging), or any other custom labels assigned to nodes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeLabels")] - pub node_labels: Option>, - /// Specifies the anti-affinity level of Pods within a Component. It determines how pods should be spread across nodes to improve availability and performance. It can have the following values: `Preferred` and `Required`. The default value is `Preferred`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, - /// Determines the level of resource isolation between Pods. It can have the following values: `SharedNode` and `DedicatedNode`. - /// - SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s. - DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node. In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node. Which provides a higher level of isolation and resource guarantee for Pods. - /// The default value is `SharedNode`. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tenancy: Option, - /// Represents the key of node labels used to define the topology domain for Pod anti-affinity and Pod spread constraints. - /// In K8s, a topology domain is a set of nodes that have the same value for a specific label key. Nodes with labels containing any of the specified TopologyKeys and identical values are considered to be in the same topology domain. - /// Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of topology in the ClusterDefinition. - /// When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the Pod on nodes with different values for the specified TopologyKeys. This ensures that Pods are spread across different topology domains, promoting high availability and reducing the impact of node failures. - /// Some well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`, are often used as TopologyKey. These keys represent the hostname and zone of a node, respectively. By including these keys in the TopologyKeys list, Pods will be spread across nodes with different hostnames or zones. - /// In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. This allows for more flexible and custom topology definitions based on the specific needs of the application or environment. - /// The TopologyKeys field is a slice of strings, where each string represents a label key. The order of the keys in the slice does not matter. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologyKeys")] - pub topology_keys: Option>, + pub values: Option>, } -/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateAffinityPodAntiAffinity { - Preferred, - Required, +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateAffinityTenancy { - SharedNode, - DedicatedNode, +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// ClusterComponentConfig represents a config with its source bound. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigs { - /// ConfigMap source for the config. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// The name of the config. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// ConfigMap source for the config. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigsConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// Maps a string key to a path within a volume. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigsConfigMapItems { - /// key is the key to project. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - pub path: String, + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// InstanceTemplate allows customization of individual replica configurations in a Component. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstances { - /// Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Defines Env to override. Add new or override existing envs. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub env: Option>, - /// Specifies an override for the first container's image in the Pod. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub image: Option, - /// Specifies a map of key-value pairs that will be merged into the Pod's existing labels. Values for existing keys will be overwritten, and new keys will be added. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, - /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. - pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub replicas: Option, - /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] - pub volume_claim_templates: Option>, - /// Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] - pub volume_mounts: Option>, - /// Defines Volumes to override. Add new or override existing volumes. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub volumes: Option>, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// EnvVar represents an environment variable present in a Container. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnv { - /// Name of the environment variable. Must be a C_IDENTIFIER. - pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - /// Source for the environment variable's value. Cannot be used if value is not empty. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, + pub values: Option>, } -/// Source for the environment variable's value. Cannot be used if value is not empty. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFrom { - /// Selects a key of a ConfigMap. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] - pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, - /// Selects a key of a secret in the pod's namespace - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Selects a key of a ConfigMap. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromConfigMapKeyRef { - /// The key to select. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the ConfigMap or its key must be defined + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub values: Option>, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, - /// Path of the field to select in the specified API version. - #[serde(rename = "fieldPath")] - pub field_path: String, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromResourceFieldRef { - /// Container name: required for volumes, optional for env vars - #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] - pub container_name: Option, - /// Specifies the output format of the exposed resources, defaults to "1" - #[serde(default, skip_serializing_if = "Option::is_none")] - pub divisor: Option, - /// Required: resource to select - pub resource: String, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Selects a key of a secret in the pod's namespace +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromSecretKeyRef { - /// The key of the secret to select from. Must be a valid secret key. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub values: Option>, } -/// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesTolerations { +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTolerations { /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, @@ -3488,6 +4453,63 @@ pub struct ClusterShardingSpecsTemplateInstancesTolerations { pub value: Option, } +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplates { /// Refers to the name of a volumeMount defined in either: @@ -5209,6 +6231,60 @@ pub enum ClusterShardingSpecsTemplateSwitchPolicyType { Noop, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSystemAccounts { + /// The name of the system account. + pub name: String, + /// Specifies the policy for generating the account's password. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordConfig")] + pub password_config: Option, + /// Refers to the secret from which data will be copied to create the new account. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSystemAccountsPasswordConfig { + /// The length of the password. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub length: Option, + /// The case of the letters in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "letterCase")] + pub letter_case: Option, + /// The number of digits in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numDigits")] + pub num_digits: Option, + /// The number of symbols in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numSymbols")] + pub num_symbols: Option, + /// Seed to generate the account's password. Cannot be updated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub seed: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateSystemAccountsPasswordConfigLetterCase { + LowerCases, + UpperCases, + MixedCases, +} + +/// Refers to the secret from which data will be copied to create the new account. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSystemAccountsSecretRef { + /// The unique identifier of the secret. + pub name: String, + /// The namespace where the secret is located. + pub namespace: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterShardingSpecsTemplateTolerations { diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs index 24cf52016..085673c6e 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs @@ -82,6 +82,9 @@ pub struct ComponentSpec { /// Overrides Services defined in referenced ComponentDefinition and exposes endpoints that can be accessed by clients. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, + /// Overrides system accounts defined in referenced ComponentDefinition. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] + pub system_accounts: Option>, /// Specifies the TLS configuration for the Component, including: /// - A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. - An optional field that specifies the configuration for the TLS certificates issuer when TLS is enabled. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] @@ -198,22 +201,15 @@ pub struct ComponentInstances { pub labels: Option>, /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, @@ -328,9 +324,440 @@ pub struct ComponentInstancesResourcesClaims { pub name: String, } +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ComponentInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ComponentInstancesTolerations { +pub struct ComponentInstancesSchedulingPolicyTolerations { /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, @@ -348,6 +775,63 @@ pub struct ComponentInstancesTolerations { pub value: Option, } +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentInstancesVolumeClaimTemplates { /// Refers to the name of a volumeMount defined in either: @@ -2146,6 +2630,60 @@ pub struct ComponentServicesSpecSessionAffinityConfigClientIp { pub timeout_seconds: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentSystemAccounts { + /// The name of the system account. + pub name: String, + /// Specifies the policy for generating the account's password. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordConfig")] + pub password_config: Option, + /// Refers to the secret from which data will be copied to create the new account. + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentSystemAccountsPasswordConfig { + /// The length of the password. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub length: Option, + /// The case of the letters in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "letterCase")] + pub letter_case: Option, + /// The number of digits in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numDigits")] + pub num_digits: Option, + /// The number of symbols in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numSymbols")] + pub num_symbols: Option, + /// Seed to generate the account's password. Cannot be updated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub seed: Option, +} + +/// Specifies the policy for generating the account's password. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentSystemAccountsPasswordConfigLetterCase { + LowerCases, + UpperCases, + MixedCases, +} + +/// Refers to the secret from which data will be copied to create the new account. +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentSystemAccountsSecretRef { + /// The unique identifier of the secret. + pub name: String, + /// The namespace where the secret is located. + pub namespace: String, +} + /// Specifies the TLS configuration for the Component, including: /// - A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) for secure communication. - An optional field that specifies the configuration for the TLS certificates issuer when TLS is enabled. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs index 94b8f8b1e..8ff473f57 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs @@ -48,7 +48,7 @@ pub struct OpsRequestSpec { /// Note: Once set, the `force` field is immutable and cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, - /// Lists HorizontalScaling objects, each specifying scaling requirements for a Component, including desired total replica counts, configurations for new instances, modifications for existing instances, and instance downscaling options. + /// Lists HorizontalScaling objects, each specifying scaling requirements for a Component, including desired replica changes, configurations for new instances, modifications for existing instances, and take offline/online the specified instances. #[serde(default, skip_serializing_if = "Option::is_none", rename = "horizontalScaling")] pub horizontal_scaling: Option>, /// Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed. @@ -298,27 +298,77 @@ pub struct OpsRequestHorizontalScaling { /// Specifies the name of the Component. #[serde(rename = "componentName")] pub component_name: String, - /// Contains a list of InstanceTemplate objects. Each InstanceTemplate object allows for modifying replica counts or specifying configurations for new instances during scaling. - /// The field supports two main use cases: - /// - Modifying replica count: Specify the desired replica count for existing instances with a particular configuration using Name and Replicas fields. To modify the replica count, the Name and Replicas fields of the InstanceTemplate object should be provided. Only these fields are used for matching and adjusting replicas; other fields are ignored. The Replicas value overrides any existing count. - Configuring new instances: Define the configuration for new instances added during scaling, including resource requirements, labels, annotations, etc. New instances are created based on the provided InstanceTemplate. + /// Deprecated: since v0.9, use scaleOut and scaleIn instead. Specifies the number of replicas for the component. Cannot be used with "scaleIn" and "scaleOut". #[serde(default, skip_serializing_if = "Option::is_none")] - pub instances: Option>, - /// Specifies the names of instances to be scaled down. This provides control over which specific instances are targeted for termination when reducing the replica count. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstances")] - pub offline_instances: Option>, - /// Specifies the number of total replicas. - pub replicas: i32, + pub replicas: Option, + /// Specifies the replica changes for scaling in components and instance templates, and takes specified instances offline. Can be used in conjunction with the "scaleOut" operation. Note: Any configuration that creates instances is considered invalid. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIn")] + pub scale_in: Option, + /// Specifies the replica changes for scaling out components and instance templates, and brings offline instances back online. Can be used in conjunction with the "scaleIn" operation. Note: Any configuration that deletes instances is considered invalid. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleOut")] + pub scale_out: Option, +} + +/// Specifies the replica changes for scaling in components and instance templates, and takes specified instances offline. Can be used in conjunction with the "scaleOut" operation. Note: Any configuration that creates instances is considered invalid. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleIn { + /// Modifies the desired replicas count for existing InstanceTemplate. if the inst + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instances: Option>, + /// Specifies the instance names that need to be taken offline. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "onlineInstancesToOffline")] + pub online_instances_to_offline: Option>, + /// Specifies the replica changes for the component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "replicaChanges")] + pub replica_changes: Option, +} + +/// InstanceReplicasTemplate defines the template for instance replicas. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleInInstances { + /// Specifies the name of the instance template. + pub name: String, + /// Specifies the replica changes for the instance template. + #[serde(rename = "replicaChanges")] + pub replica_changes: i32, +} + +/// Specifies the replica changes for scaling out components and instance templates, and brings offline instances back online. Can be used in conjunction with the "scaleIn" operation. Note: Any configuration that deletes instances is considered invalid. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOut { + /// Modifies the desired replicas count for existing InstanceTemplate. if the inst + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instances: Option>, + /// Defines the configuration for new instances added during scaling, including resource requirements, labels, annotations, etc. New instances are created based on the provided instance templates. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "newInstances")] + pub new_instances: Option>, + /// Specifies the instances in the offline list to bring back online. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstancesToOnline")] + pub offline_instances_to_online: Option>, + /// Specifies the replica changes for the component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "replicaChanges")] + pub replica_changes: Option, +} + +/// InstanceReplicasTemplate defines the template for instance replicas. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutInstances { + /// Specifies the name of the instance template. + pub name: String, + /// Specifies the replica changes for the instance template. + #[serde(rename = "replicaChanges")] + pub replica_changes: i32, } /// InstanceTemplate allows customization of individual replica configurations in a Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstances { +pub struct OpsRequestHorizontalScalingScaleOutNewInstances { /// Specifies a map of key-value pairs to be merged into the Pod's existing annotations. Existing keys will have their values overwritten, while new keys will be added to the annotations. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, /// Defines Env to override. Add new or override existing envs. #[serde(default, skip_serializing_if = "Option::is_none")] - pub env: Option>, + pub env: Option>, /// Specifies an override for the first container's image in the Pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -327,36 +377,29 @@ pub struct OpsRequestHorizontalScalingInstances { pub labels: Option>, /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, + pub resources: Option, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] - pub volume_claim_templates: Option>, + pub volume_claim_templates: Option>, /// Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] - pub volume_mounts: Option>, + pub volume_mounts: Option>, /// Defines Volumes to override. Add new or override existing volumes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub volumes: Option>, + pub volumes: Option>, } /// EnvVar represents an environment variable present in a Container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnv { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". @@ -364,29 +407,29 @@ pub struct OpsRequestHorizontalScalingInstancesEnv { pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, + pub value_from: Option, } /// Source for the environment variable's value. Cannot be used if value is not empty. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnvValueFrom { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] - pub config_map_key_ref: Option, + pub config_map_key_ref: Option, /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, + pub field_ref: Option, /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, + pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, + pub secret_key_ref: Option, } /// Selects a key of a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnvValueFromConfigMapKeyRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -399,7 +442,7 @@ pub struct OpsRequestHorizontalScalingInstancesEnvValueFromConfigMapKeyRef { /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnvValueFromFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, @@ -410,7 +453,7 @@ pub struct OpsRequestHorizontalScalingInstancesEnvValueFromFieldRef { /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnvValueFromResourceFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] pub container_name: Option, @@ -423,7 +466,7 @@ pub struct OpsRequestHorizontalScalingInstancesEnvValueFromResourceFieldRef { /// Selects a key of a secret in the pod's namespace #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesEnvValueFromSecretKeyRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -436,12 +479,12 @@ pub struct OpsRequestHorizontalScalingInstancesEnvValueFromSecretKeyRef { /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesResources { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesResources { /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, @@ -452,322 +495,810 @@ pub struct OpsRequestHorizontalScalingInstancesResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesResourcesClaims { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesResourcesClaims { /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. pub name: String, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// Specifies the scheduling policy for the Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, } +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumeClaimTemplates { - /// Refers to the name of a volumeMount defined in either: - /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) - /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. - pub name: String, - /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. - /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, } -/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. -/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +/// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumeClaimTemplatesSpec { - /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// Defines what type of volume is required by the claim, either Block or Filesystem. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, } -/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumeClaimTemplatesSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// A node selector term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumeClaimTemplatesSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. - pub name: String, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// VolumeMount describes a mounting of a Volume within a container. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. - #[serde(rename = "mountPath")] - pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] - pub mount_propagation: Option, - /// This must match the Name of a Volume. - pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] - pub sub_path_expr: Option, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// Volume represents a named volume in a pod that may be accessed by any container in the pod. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumes { - /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] - pub aws_elastic_block_store: Option, - /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] - pub azure_disk: Option, - /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] - pub azure_file: Option, - /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cephfs: Option, - /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cinder: Option, - /// configMap represents a configMap that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub csi: Option, - /// downwardAPI represents downward API about the pod that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, - /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] - pub empty_dir: Option, - /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ephemeral: Option, - /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub fc: Option, - /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] - pub flex_volume: Option, - /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flocker: Option, - /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] - pub gce_persistent_disk: Option, - /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] - pub git_repo: Option, - /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub glusterfs: Option, - /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] - pub host_path: Option, - /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub iscsi: Option, - /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - pub name: String, - /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - #[serde(default, skip_serializing_if = "Option::is_none")] - pub nfs: Option, - /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] - pub persistent_volume_claim: Option, - /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] - pub photon_persistent_disk: Option, - /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] - pub portworx_volume: Option, - /// projected items for all in one resources secrets, configmaps, and downward API - #[serde(default, skip_serializing_if = "Option::is_none")] - pub projected: Option, - /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub quobyte: Option, - /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub rbd: Option, - /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] - pub scale_io: Option, - /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub storageos: Option, - /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] - pub vsphere_volume: Option, + pub values: Option>, } -/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesAwsElasticBlockStore { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, } -/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesAzureDisk { - /// cachingMode is the Host Caching mode: None, Read Only, Read Write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] - pub caching_mode: Option, - /// diskName is the Name of the data disk in the blob storage - #[serde(rename = "diskName")] - pub disk_name: String, - /// diskURI is the URI of data disk in the blob storage - #[serde(rename = "diskURI")] - pub disk_uri: String, - /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesAzureFile { - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretName is the name of secret that contains Azure Storage Account Name and Key - #[serde(rename = "secretName")] - pub secret_name: String, - /// shareName is the azure share Name - #[serde(rename = "shareName")] - pub share_name: String, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCephfs { - /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - pub monitors: Vec, - /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] - pub secret_file: Option, - /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, + pub values: Option>, } -/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCephfsSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCinder { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, } -/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCinderSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// configMap represents a configMap that should populate this volume +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumeClaimTemplates { + /// Refers to the name of a volumeMount defined in either: + /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + pub name: String, + /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. + /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume with the mount name specified in the `name` field. +/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumeClaimTemplatesSpec { + /// Contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// The name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// Defines what type of volume is required by the claim, either Block or Filesystem. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, +} + +/// Represents the minimum resources the volume should have. If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumeClaimTemplatesSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumeClaimTemplatesSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + +/// VolumeMount describes a mounting of a Volume within a container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumeMounts { + /// Path within the container at which the volume should be mounted. Must not contain ':'. + #[serde(rename = "mountPath")] + pub mount_path: String, + /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + /// This must match the Name of a Volume. + pub name: String, + /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cinder: Option, + /// configMap represents a configMap that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fc: Option, + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + #[serde(default, skip_serializing_if = "Option::is_none")] + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iscsi: Option, + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API + #[serde(default, skip_serializing_if = "Option::is_none")] + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, +} + +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, +} + +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCephfsSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCinder { + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCinderSecretRef { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// configMap represents a configMap that should populate this volume +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -778,7 +1309,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesConfigMapItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesConfigMapItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -790,7 +1321,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesConfigMapItems { /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCsi { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCsi { /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. pub driver: String, /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. @@ -798,7 +1329,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesCsi { pub fs_type: Option, /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] - pub node_publish_secret_ref: Option, + pub node_publish_secret_ref: Option, /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, @@ -809,7 +1340,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesCsi { /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesCsiNodePublishSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesCsiNodePublishSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -817,21 +1348,21 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesCsiNodePublishSecretRef { /// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApi { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesDownwardApi { /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// Items is a list of downward API volume file #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, } /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesDownwardApiItems { /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, + pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -839,12 +1370,12 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItems { pub path: String, /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, + pub resource_field_ref: Option, } /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItemsFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, @@ -855,7 +1386,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItemsFieldRef { /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItemsResourceFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] pub container_name: Option, @@ -868,7 +1399,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesDownwardApiItemsResourceFi /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEmptyDir { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEmptyDir { /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, @@ -883,13 +1414,13 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEmptyDir { /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeral { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeral { /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). /// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] - pub volume_claim_template: Option, + pub volume_claim_template: Option, } /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). @@ -897,17 +1428,17 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeral { /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplate { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplate { /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub metadata: Option, + pub metadata: Option, /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - pub spec: OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpec, + pub spec: OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpec, } /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateMetadata { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateMetadata { #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -922,22 +1453,22 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpec { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] - pub data_source: Option, + pub data_source: Option, /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] - pub data_source_ref: Option, + pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, + pub resources: Option, /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, @@ -951,7 +1482,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, @@ -963,7 +1494,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, @@ -978,12 +1509,12 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, @@ -994,17 +1525,17 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. pub name: String, } /// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, @@ -1012,7 +1543,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. @@ -1024,7 +1555,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesEphemeralVolumeClaimTempla /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesFc { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesFc { /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1044,7 +1575,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesFc { /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesFlexVolume { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesFlexVolume { /// driver is the name of the driver to use for this volume. pub driver: String, /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. @@ -1058,12 +1589,12 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesFlexVolume { pub read_only: Option, /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, + pub secret_ref: Option, } /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesFlexVolumeSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1071,7 +1602,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesFlexVolumeSecretRef { /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesFlocker { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesFlocker { /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, @@ -1082,7 +1613,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesFlocker { /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesGcePersistentDisk { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesGcePersistentDisk { /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1099,7 +1630,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesGcePersistentDisk { /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesGitRepo { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesGitRepo { /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, @@ -1112,7 +1643,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesGitRepo { /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesGlusterfs { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesGlusterfs { /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod @@ -1124,7 +1655,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesGlusterfs { /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesHostPath { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesHostPath { /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath @@ -1134,7 +1665,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesHostPath { /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesIscsi { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesIscsi { /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] pub chap_auth_discovery: Option, @@ -1162,7 +1693,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesIscsi { pub read_only: Option, /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, + pub secret_ref: Option, /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, @@ -1170,7 +1701,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesIscsi { /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesIscsiSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesIscsiSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1178,7 +1709,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesIscsiSecretRef { /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesNfs { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesNfs { /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -1190,7 +1721,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesNfs { /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesPersistentVolumeClaim { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesPersistentVolumeClaim { /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, @@ -1201,7 +1732,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesPersistentVolumeClaim { /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesPhotonPersistentDisk { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesPhotonPersistentDisk { /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1212,7 +1743,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesPhotonPersistentDisk { /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesPortworxVolume { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesPortworxVolume { /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1226,38 +1757,38 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesPortworxVolume { /// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjected { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjected { /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] - pub sources: Option>, + pub sources: Option>, } /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSources { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSources { /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// downwardAPI information about the downwardAPI data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, + pub downward_api: Option, /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, /// serviceAccountToken is information about the serviceAccountToken data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] - pub service_account_token: Option, + pub service_account_token: Option, } /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesConfigMap { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesConfigMap { /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1268,7 +1799,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesConfigMap /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesConfigMapItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesConfigMapItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -1280,18 +1811,18 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesConfigMapI /// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardApi { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesDownwardApi { /// Items is a list of DownwardAPIVolume file #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, } /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardApiItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesDownwardApiItems { /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, + pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -1299,12 +1830,12 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardAp pub path: String, /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, + pub resource_field_ref: Option, } /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, @@ -1315,7 +1846,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardAp /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] pub container_name: Option, @@ -1328,10 +1859,10 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesDownwardAp /// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesSecret { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesSecret { /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1342,7 +1873,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesSecretItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesSecretItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -1354,7 +1885,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesSecretItem /// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesServiceAccountToken { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesProjectedSourcesServiceAccountToken { /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, @@ -1367,7 +1898,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesProjectedSourcesServiceAcc /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesQuobyte { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesQuobyte { /// group to map volume access to Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, @@ -1388,7 +1919,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesQuobyte { /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesRbd { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesRbd { /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1407,7 +1938,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesRbd { pub read_only: Option, /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, + pub secret_ref: Option, /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, @@ -1415,7 +1946,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesRbd { /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesRbdSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesRbdSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1423,7 +1954,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesRbdSecretRef { /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesScaleIo { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesScaleIo { /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1437,7 +1968,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesScaleIo { pub read_only: Option, /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] - pub secret_ref: OpsRequestHorizontalScalingInstancesVolumesScaleIoSecretRef, + pub secret_ref: OpsRequestHorizontalScalingScaleOutNewInstancesVolumesScaleIoSecretRef, /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, @@ -1456,7 +1987,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesScaleIo { /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesScaleIoSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesScaleIoSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1464,13 +1995,13 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesScaleIoSecretRef { /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesSecret { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesSecret { /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, @@ -1481,7 +2012,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesSecretItems { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesSecretItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -1493,7 +2024,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesSecretItems { /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesStorageos { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesStorageos { /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -1502,7 +2033,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesStorageos { pub read_only: Option, /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, + pub secret_ref: Option, /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, @@ -1513,7 +2044,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesStorageos { /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesStorageosSecretRef { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesStorageosSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -1521,7 +2052,7 @@ pub struct OpsRequestHorizontalScalingInstancesVolumesStorageosSecretRef { /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestHorizontalScalingInstancesVolumesVsphereVolume { +pub struct OpsRequestHorizontalScalingScaleOutNewInstancesVolumesVsphereVolume { /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, @@ -2324,22 +2855,15 @@ pub struct OpsRequestStatusLastConfigurationComponentsInstances { pub labels: Option>, /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the Component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, @@ -2454,9 +2978,440 @@ pub struct OpsRequestStatusLastConfigurationComponentsInstancesResourcesClaims { pub name: String, } +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OpsRequestStatusLastConfigurationComponentsInstancesTolerations { +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyTolerations { /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, @@ -2474,6 +3429,63 @@ pub struct OpsRequestStatusLastConfigurationComponentsInstancesTolerations { pub value: Option, } +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpsRequestStatusLastConfigurationComponentsInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpsRequestStatusLastConfigurationComponentsInstancesVolumeClaimTemplates { /// Refers to the name of a volumeMount defined in either: diff --git a/kube-custom-resources-rs/src/awx_ansible_com/v1beta1/awxs.rs b/kube-custom-resources-rs/src/awx_ansible_com/v1beta1/awxs.rs index 095339b92..1c1fe6457 100644 --- a/kube-custom-resources-rs/src/awx_ansible_com/v1beta1/awxs.rs +++ b/kube-custom-resources-rs/src/awx_ansible_com/v1beta1/awxs.rs @@ -427,6 +427,9 @@ pub struct AWXSpec { /// Number of seconds to wait for a probe response from task pod #[serde(default, skip_serializing_if = "Option::is_none")] pub task_liveness_timeout: Option, + /// Enables operator control of replicas count for the task deployment when set to 'true' + #[serde(default, skip_serializing_if = "Option::is_none")] + pub task_manage_replicas: Option, /// nodeSelector for the task pods #[serde(default, skip_serializing_if = "Option::is_none")] pub task_node_selector: Option, @@ -499,6 +502,9 @@ pub struct AWXSpec { /// Number of seconds to wait for a probe response from web pod #[serde(default, skip_serializing_if = "Option::is_none")] pub web_liveness_timeout: Option, + /// Enables operator control of replicas count for the web deployment when set to 'true' + #[serde(default, skip_serializing_if = "Option::is_none")] + pub web_manage_replicas: Option, /// nodeSelector for the web pods #[serde(default, skip_serializing_if = "Option::is_none")] pub web_node_selector: Option, diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs index af1bc287b..476848c54 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs @@ -85,7 +85,7 @@ pub struct ConfigurationSpec { pub timeouts: Option, } -/// Catch defines actions to be executed on failure. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationCatch { /// Command defines a command to run. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs index dc69a7069..c3b8d2341 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs @@ -78,7 +78,7 @@ pub struct TestBindings { pub value: serde_json::Value, } -/// Catch defines actions to be executed on failure. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestCatch { /// Command defines a command to run. @@ -698,7 +698,7 @@ pub struct TestStepsBindings { pub value: serde_json::Value, } -/// Catch defines actions to be executed on failure. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsCatch { /// Command defines a command to run. @@ -1244,7 +1244,7 @@ pub struct TestStepsCatchWaitForJsonPath { pub value: String, } -/// Finally defines actions to be executed at the end of a test. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsCleanup { /// Command defines a command to run. @@ -1809,7 +1809,7 @@ pub enum TestStepsDeletionPropagationPolicy { Foreground, } -/// Finally defines actions to be executed at the end of a test. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsFinally { /// Command defines a command to run. @@ -2401,6 +2401,9 @@ pub struct TestStepsTry { /// Delete represents a deletion operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, /// Description contains a description of the operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, @@ -2408,9 +2411,18 @@ pub struct TestStepsTry { /// will consider them as expected; otherwise, they will be treated as test failures. #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, /// Patch represents a patch operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub patch: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, /// Script defines a script to run. #[serde(default, skip_serializing_if = "Option::is_none")] pub script: Option, @@ -2806,6 +2818,51 @@ pub struct TestStepsTryDeleteRef { pub namespace: Option, } +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + /// Error represents the expected errors for this test step. If any of these errors occur, the test /// will consider them as expected; otherwise, they will be treated as test failures. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2855,6 +2912,90 @@ pub struct TestStepsTryErrorClusters { pub kubeconfig: Option, } +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + /// Patch represents a patch operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsTryPatch { @@ -2935,6 +3076,50 @@ pub struct TestStepsTryPatchOutputs { pub value: serde_json::Value, } +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + /// Script defines a script to run. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsTryScript { diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs index ede3a3dbb..bc53fc664 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs @@ -115,7 +115,7 @@ pub struct ConfigurationError { pub catch: Option>, } -/// Catch defines actions to be executed on failure. +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatch { /// Command defines a command to run. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/mod.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/mod.rs index c6bd1c59a..1942ebc41 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/mod.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/mod.rs @@ -1 +1,2 @@ pub mod configurations; +pub mod tests; diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs new file mode 100644 index 000000000..99c571ade --- /dev/null +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs @@ -0,0 +1,3440 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; +} +use self::prelude::*; + +/// Test spec. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "chainsaw.kyverno.io", version = "v1alpha2", kind = "Test", plural = "tests")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct TestSpec { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cleanup contains cleanup configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cleanup: Option, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Deletion contains the global deletion configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// Description contains a description of the test. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Error contains the global error configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Execution contains tests execution configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub execution: Option, + /// Namespace contains properties for the namespace to use for tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Steps defining the test. + pub steps: Vec, + /// Templating contains the templating config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub templating: Option, + /// Timeouts for the test. Overrides the global timeouts set in the Configuration on a per operation basis. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeouts: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Cleanup contains cleanup configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestCleanup { + /// DelayBeforeCleanup adds a delay between the time a test ends and the time cleanup starts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "delayBeforeCleanup")] + pub delay_before_cleanup: Option, + /// If set, do not delete the resources after running a test. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipDelete")] + pub skip_delete: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Deletion contains the global deletion configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestDeletion { + /// Propagation decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub propagation: Option, +} + +/// Deletion contains the global deletion configuration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestDeletionPropagation { + Orphan, + Background, + Foreground, +} + +/// Error contains the global error configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestError { + /// Catch defines what the tests steps will execute when an error happens. + /// This will be combined with catch handlers defined at the test and step levels. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub catch: Option>, +} + +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatch { + /// Command defines a command to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Delete represents a deletion operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, + /// Description contains a description of the operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, + /// Script defines a script to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script: Option, + /// Sleep defines zzzz. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, + /// Wait determines the resource wait collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wait: Option, +} + +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommandBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommandClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommandEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommandOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDelete { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Ref determines objects to be deleted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] + pub r#ref: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestErrorCatchDeleteDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Ref determines objects to be deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteRef { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Label selector to match objects to delete + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Script defines a script to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchScript { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Content defines a shell script (run with "sh -c ..."). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchScriptBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchScriptClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchScriptEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchScriptOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Sleep defines zzzz. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchSleep { + /// Duration is the delay used for sleeping. + pub duration: String, +} + +/// Wait determines the resource wait collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWait { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// For specifies the condition to wait for. + #[serde(rename = "for")] + pub r#for: TestErrorCatchWaitFor, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Specifies how long to wait for the condition to be met before timing out. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWaitClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// For specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWaitFor { + /// Condition specifies the condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub condition: Option, + /// Deletion specifies parameters for waiting on a resource's deletion. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// JsonPath specifies the json path condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPath")] + pub json_path: Option, +} + +/// Condition specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWaitForCondition { + /// Name defines the specific condition to wait for, e.g., "Available", "Ready". + pub name: String, + /// Value defines the specific condition status to wait for, e.g., "True", "False". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Deletion specifies parameters for waiting on a resource's deletion. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWaitForDeletion { +} + +/// JsonPath specifies the json path condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchWaitForJsonPath { + /// Path defines the json path to wait for, e.g. '{.status.phase}'. + pub path: String, + /// Value defines the expected value to wait for, e.g., "Running". + pub value: String, +} + +/// Execution contains tests execution configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestExecution { + /// Concurrent determines whether the test should run concurrently with other tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub concurrent: Option, + /// Skip determines whether the test should skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub skip: Option, + /// TerminationGracePeriod forces the termination grace period on pods, statefulsets, daemonsets and deployments. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriod")] + pub termination_grace_period: Option, +} + +/// Namespace contains properties for the namespace to use for tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestNamespace { + /// Name defines the namespace to use for tests. + /// If not specified, every test will execute in a random ephemeral namespace + /// unless the namespace is overridden in a the test spec. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Template defines a template to create the test namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option>, +} + +/// TestStep contains the test step definition used in a test spec. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestSteps { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Catch defines what the step will execute when an error happens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub catch: Option>, + /// Cleanup defines what will be executed after the test is terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cleanup: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in both the Configuration and the Test. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Description contains a description of the test step. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Finally defines what the step will execute after the step is terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub finally: Option>, + /// Name of the step. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// SkipDelete determines whether the resources created by the step should be deleted after the test step is executed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipDelete")] + pub skip_delete: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeouts for the test step. Overrides the global timeouts set in the Configuration and the timeouts eventually set in the Test. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeouts: Option, + /// Try defines what the step will try to execute. + #[serde(rename = "try")] + pub r#try: Vec, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatch { + /// Command defines a command to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Delete represents a deletion operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, + /// Description contains a description of the operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, + /// Script defines a script to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script: Option, + /// Sleep defines zzzz. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, + /// Wait determines the resource wait collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wait: Option, +} + +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchCommandBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchCommandClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchCommandEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchCommandOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDelete { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Ref determines objects to be deleted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] + pub r#ref: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestStepsCatchDeleteDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Ref determines objects to be deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteRef { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Label selector to match objects to delete + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Script defines a script to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchScript { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Content defines a shell script (run with "sh -c ..."). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchScriptBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchScriptClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchScriptEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchScriptOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Sleep defines zzzz. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchSleep { + /// Duration is the delay used for sleeping. + pub duration: String, +} + +/// Wait determines the resource wait collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWait { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// For specifies the condition to wait for. + #[serde(rename = "for")] + pub r#for: TestStepsCatchWaitFor, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Specifies how long to wait for the condition to be met before timing out. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWaitClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// For specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWaitFor { + /// Condition specifies the condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub condition: Option, + /// Deletion specifies parameters for waiting on a resource's deletion. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// JsonPath specifies the json path condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPath")] + pub json_path: Option, +} + +/// Condition specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWaitForCondition { + /// Name defines the specific condition to wait for, e.g., "Available", "Ready". + pub name: String, + /// Value defines the specific condition status to wait for, e.g., "True", "False". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Deletion specifies parameters for waiting on a resource's deletion. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWaitForDeletion { +} + +/// JsonPath specifies the json path condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchWaitForJsonPath { + /// Path defines the json path to wait for, e.g. '{.status.phase}'. + pub path: String, + /// Value defines the expected value to wait for, e.g., "Running". + pub value: String, +} + +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanup { + /// Command defines a command to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Delete represents a deletion operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, + /// Description contains a description of the operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, + /// Script defines a script to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script: Option, + /// Sleep defines zzzz. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, + /// Wait determines the resource wait collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wait: Option, +} + +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupCommandBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupCommandClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupCommandEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupCommandOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDelete { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Ref determines objects to be deleted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] + pub r#ref: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestStepsCleanupDeleteDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Ref determines objects to be deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteRef { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Label selector to match objects to delete + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Script defines a script to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupScript { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Content defines a shell script (run with "sh -c ..."). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupScriptBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupScriptClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupScriptEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupScriptOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Sleep defines zzzz. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupSleep { + /// Duration is the delay used for sleeping. + pub duration: String, +} + +/// Wait determines the resource wait collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWait { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// For specifies the condition to wait for. + #[serde(rename = "for")] + pub r#for: TestStepsCleanupWaitFor, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Specifies how long to wait for the condition to be met before timing out. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWaitClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// For specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWaitFor { + /// Condition specifies the condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub condition: Option, + /// Deletion specifies parameters for waiting on a resource's deletion. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// JsonPath specifies the json path condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPath")] + pub json_path: Option, +} + +/// Condition specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWaitForCondition { + /// Name defines the specific condition to wait for, e.g., "Available", "Ready". + pub name: String, + /// Value defines the specific condition status to wait for, e.g., "True", "False". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Deletion specifies parameters for waiting on a resource's deletion. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWaitForDeletion { +} + +/// JsonPath specifies the json path condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupWaitForJsonPath { + /// Path defines the json path to wait for, e.g. '{.status.phase}'. + pub path: String, + /// Value defines the expected value to wait for, e.g., "Running". + pub value: String, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// TestStep contains the test step definition used in a test spec. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestStepsDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinally { + /// Command defines a command to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Delete represents a deletion operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, + /// Description contains a description of the operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, + /// Script defines a script to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script: Option, + /// Sleep defines zzzz. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, + /// Wait determines the resource wait collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wait: Option, +} + +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyCommandBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyCommandClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyCommandEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyCommandOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDelete { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Ref determines objects to be deleted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] + pub r#ref: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestStepsFinallyDeleteDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Ref determines objects to be deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteRef { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Label selector to match objects to delete + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Script defines a script to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyScript { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Content defines a shell script (run with "sh -c ..."). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyScriptBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyScriptClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyScriptEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyScriptOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Sleep defines zzzz. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallySleep { + /// Duration is the delay used for sleeping. + pub duration: String, +} + +/// Wait determines the resource wait collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWait { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// For specifies the condition to wait for. + #[serde(rename = "for")] + pub r#for: TestStepsFinallyWaitFor, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Specifies how long to wait for the condition to be met before timing out. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWaitClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// For specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWaitFor { + /// Condition specifies the condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub condition: Option, + /// Deletion specifies parameters for waiting on a resource's deletion. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// JsonPath specifies the json path condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPath")] + pub json_path: Option, +} + +/// Condition specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWaitForCondition { + /// Name defines the specific condition to wait for, e.g., "Available", "Ready". + pub name: String, + /// Value defines the specific condition status to wait for, e.g., "True", "False". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Deletion specifies parameters for waiting on a resource's deletion. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWaitForDeletion { +} + +/// JsonPath specifies the json path condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyWaitForJsonPath { + /// Path defines the json path to wait for, e.g. '{.status.phase}'. + pub path: String, + /// Value defines the expected value to wait for, e.g., "Running". + pub value: String, +} + +/// Timeouts for the test step. Overrides the global timeouts set in the Configuration and the timeouts eventually set in the Test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTimeouts { + /// Apply defines the timeout for the apply operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apply: Option, + /// Assert defines the timeout for the assert operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub assert: Option, + /// Cleanup defines the timeout for the cleanup operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cleanup: Option, + /// Delete defines the timeout for the delete operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Error defines the timeout for the error operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Exec defines the timeout for exec operations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exec: Option, +} + +/// Operation defines a single operation, only one action is permitted for a given operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTry { + /// Apply represents resources that should be applied for this test step. This can include things + /// like configuration settings or any other resources that need to be available during the test. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apply: Option, + /// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub assert: Option, + /// Command defines a command to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// ContinueOnError determines whether a test should continue or not in case the operation was not successful. + /// Even if the test continues executing, it will still be reported as failed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "continueOnError")] + pub continue_on_error: Option, + /// Create represents a creation operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub create: Option, + /// Delete represents a deletion operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Describe determines the resource describe collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub describe: Option, + /// Description contains a description of the operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// Error represents the expected errors for this test step. If any of these errors occur, the test + /// will consider them as expected; otherwise, they will be treated as test failures. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Events determines the events collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub events: Option, + /// Get determines the resource get collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub get: Option, + /// Patch represents a patch operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patch: Option, + /// PodLogs determines the pod logs collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] + pub pod_logs: Option, + /// Script defines a script to run. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script: Option, + /// Sleep defines zzzz. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, + /// Update represents an update operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub update: Option, + /// Wait determines the resource wait collector to execute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wait: Option, +} + +/// Apply represents resources that should be applied for this test step. This can include things +/// like configuration settings or any other resources that need to be available during the test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryApply { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryApplyBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryApplyClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryApplyExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryApplyOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryAssert { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Check provides a check used in assertions. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryAssertBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryAssertClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCommandBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCommandClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCommandEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCommandOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Create represents a creation operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCreate { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCreateBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCreateClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCreateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryCreateOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDelete { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of + /// the object, and how the garbage collector will handle the propagation. + /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPropagationPolicy")] + pub deletion_propagation_policy: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Ref determines objects to be deleted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] + pub r#ref: Option, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Delete represents a deletion operation. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum TestStepsTryDeleteDeletionPropagationPolicy { + Orphan, + Background, + Foreground, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Ref determines objects to be deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteRef { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Label selector to match objects to delete + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Describe determines the resource describe collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDescribe { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Show Events indicates whether to include related events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "showEvents")] + pub show_events: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDescribeClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Error represents the expected errors for this test step. If any of these errors occur, the test +/// will consider them as expected; otherwise, they will be treated as test failures. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryError { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Check provides a check used in assertions. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryErrorBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryErrorClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Events determines the events collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryEvents { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryEventsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Get determines the resource get collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryGet { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryGetClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Patch represents a patch operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPatch { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPatchBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPatchClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPatchExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPatchOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// PodLogs determines the pod logs collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPodLogs { + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Container in pod to get logs from else --all-containers is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub container: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Tail is the number of last lines to collect from pods. If omitted or zero, + /// then the default is 10 if you use a selector, or -1 (all) if you use a pod name. + /// This matches default behavior of `kubectl logs`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tail: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryPodLogsClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Script defines a script to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryScript { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// Content defines a shell script (run with "sh -c ..."). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryScriptBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryScriptClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryScriptEnv { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryScriptOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Sleep defines zzzz. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTrySleep { + /// Duration is the delay used for sleeping. + pub duration: String, +} + +/// Update represents an update operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryUpdate { + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Binding represents a key/value set as a binding in an executing test. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryUpdateBindings { + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryUpdateClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryUpdateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Output represents an output binding with a match to determine if the binding must be considered or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryUpdateOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Wait determines the resource wait collector to execute. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWait { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// Cluster defines the target cluster where the wait operation will be performed (default cluster will be used if not specified). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, + /// For specifies the condition to wait for. + #[serde(rename = "for")] + pub r#for: TestStepsTryWaitFor, + /// Format determines the output format (json or yaml). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector defines labels selector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Timeout for the operation. Specifies how long to wait for the condition to be met before timing out. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Clusters holds a registry to clusters to support multi-cluster tests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWaitClusters { + /// Context is the name of the context to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option, + /// Kubeconfig is the path to the referenced file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kubeconfig: Option, +} + +/// For specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWaitFor { + /// Condition specifies the condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub condition: Option, + /// Deletion specifies parameters for waiting on a resource's deletion. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deletion: Option, + /// JsonPath specifies the json path condition to wait for. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPath")] + pub json_path: Option, +} + +/// Condition specifies the condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWaitForCondition { + /// Name defines the specific condition to wait for, e.g., "Available", "Ready". + pub name: String, + /// Value defines the specific condition status to wait for, e.g., "True", "False". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Deletion specifies parameters for waiting on a resource's deletion. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWaitForDeletion { +} + +/// JsonPath specifies the json path condition to wait for. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryWaitForJsonPath { + /// Path defines the json path to wait for, e.g. '{.status.phase}'. + pub path: String, + /// Value defines the expected value to wait for, e.g., "Running". + pub value: String, +} + +/// Templating contains the templating config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestTemplating { + /// Enabled determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// Timeouts for the test. Overrides the global timeouts set in the Configuration on a per operation basis. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestTimeouts { + /// Apply defines the timeout for the apply operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apply: Option, + /// Assert defines the timeout for the assert operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub assert: Option, + /// Cleanup defines the timeout for the cleanup operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cleanup: Option, + /// Delete defines the timeout for the delete operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub delete: Option, + /// Error defines the timeout for the error operation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Exec defines the timeout for exec operations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exec: Option, +} + diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs index b7a67c038..d84e1d5a1 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs @@ -8,6 +8,7 @@ mod prelude { pub use serde::{Serialize, Deserialize}; pub use std::collections::BTreeMap; pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; @@ -3446,12 +3447,11 @@ pub enum CiliumClusterwideNetworkPolicysNodeSelectorMatchExpressionsOperator { /// The reason this field exists in this structure is due a bug in the k8s code-generator that doesn't create a `UpdateStatus` method because the field does not exist in the structure. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicyStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, /// DerivativePolicies is the status of all policies derived from the Cilium policy #[serde(default, skip_serializing_if = "Option::is_none", rename = "derivativePolicies")] pub derivative_policies: Option>, - /// Nodes is the Cilium policy status for each node - #[serde(default, skip_serializing_if = "Option::is_none")] - pub nodes: Option>, } /// DerivativePolicies is the status of all policies derived from the Cilium policy @@ -3477,26 +3477,3 @@ pub struct CiliumClusterwideNetworkPolicyStatusDerivativePolicies { pub ok: Option, } -/// Nodes is the Cilium policy status for each node -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct CiliumClusterwideNetworkPolicyStatusNodes { - /// Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub enforcing: Option, - /// Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, - /// LastUpdated contains the last time this status was updated - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdated")] - pub last_updated: Option, - /// Revision is the policy revision of the repository which first implemented this policy. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "localPolicyRevision")] - pub local_policy_revision: Option, - /// OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ok: Option, -} - diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs index 7a01a69e2..85392b133 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs @@ -8,6 +8,7 @@ mod prelude { pub use serde::{Serialize, Deserialize}; pub use std::collections::BTreeMap; pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; @@ -3446,12 +3447,11 @@ pub enum CiliumNetworkPolicysNodeSelectorMatchExpressionsOperator { /// Status is the status of the Cilium policy rule #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicyStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, /// DerivativePolicies is the status of all policies derived from the Cilium policy #[serde(default, skip_serializing_if = "Option::is_none", rename = "derivativePolicies")] pub derivative_policies: Option>, - /// Nodes is the Cilium policy status for each node - #[serde(default, skip_serializing_if = "Option::is_none")] - pub nodes: Option>, } /// DerivativePolicies is the status of all policies derived from the Cilium policy @@ -3477,26 +3477,3 @@ pub struct CiliumNetworkPolicyStatusDerivativePolicies { pub ok: Option, } -/// Nodes is the Cilium policy status for each node -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct CiliumNetworkPolicyStatusNodes { - /// Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub enforcing: Option, - /// Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, - /// LastUpdated contains the last time this status was updated - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdated")] - pub last_updated: Option, - /// Revision is the policy revision of the repository which first implemented this policy. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "localPolicyRevision")] - pub local_policy_revision: Option, - /// OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ok: Option, -} - diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusterclasses.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusterclasses.rs index 4b2973677..71ee1b08e 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusterclasses.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusterclasses.rs @@ -110,8 +110,18 @@ pub struct ClusterClassControlPlaneMachineHealthCheck { /// "selector" are not healthy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUnhealthy")] pub max_unhealthy: Option, - /// Machines older than this duration without a node will be considered to have - /// failed and will be remediated. + /// NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + /// to consider a Machine unhealthy if a corresponding Node isn't associated + /// through a `Spec.ProviderID` field. + /// + /// + /// The duration set in this field is compared to the greatest of: + /// - Cluster's infrastructure and control plane ready condition timestamp (if and when available) + /// - Machine's infrastructure ready condition timestamp (if and when available) + /// - Machine's metadata creation timestamp + /// + /// + /// Defaults to 10 minutes. /// If you wish to disable this feature, set the value explicitly to 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeStartupTimeout")] pub node_startup_timeout: Option, @@ -754,8 +764,18 @@ pub struct ClusterClassWorkersMachineDeploymentsMachineHealthCheck { /// "selector" are not healthy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUnhealthy")] pub max_unhealthy: Option, - /// Machines older than this duration without a node will be considered to have - /// failed and will be remediated. + /// NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + /// to consider a Machine unhealthy if a corresponding Node isn't associated + /// through a `Spec.ProviderID` field. + /// + /// + /// The duration set in this field is compared to the greatest of: + /// - Cluster's infrastructure and control plane ready condition timestamp (if and when available) + /// - Machine's infrastructure ready condition timestamp (if and when available) + /// - Machine's metadata creation timestamp + /// + /// + /// Defaults to 10 minutes. /// If you wish to disable this feature, set the value explicitly to 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeStartupTimeout")] pub node_startup_timeout: Option, diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusters.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusters.rs index 5ac9d03a5..47fb75778 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusters.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/clusters.rs @@ -256,8 +256,18 @@ pub struct ClusterTopologyControlPlaneMachineHealthCheck { /// "selector" are not healthy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUnhealthy")] pub max_unhealthy: Option, - /// Machines older than this duration without a node will be considered to have - /// failed and will be remediated. + /// NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + /// to consider a Machine unhealthy if a corresponding Node isn't associated + /// through a `Spec.ProviderID` field. + /// + /// + /// The duration set in this field is compared to the greatest of: + /// - Cluster's infrastructure and control plane ready condition timestamp (if and when available) + /// - Machine's infrastructure ready condition timestamp (if and when available) + /// - Machine's metadata creation timestamp + /// + /// + /// Defaults to 10 minutes. /// If you wish to disable this feature, set the value explicitly to 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeStartupTimeout")] pub node_startup_timeout: Option, @@ -505,8 +515,18 @@ pub struct ClusterTopologyWorkersMachineDeploymentsMachineHealthCheck { /// "selector" are not healthy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUnhealthy")] pub max_unhealthy: Option, - /// Machines older than this duration without a node will be considered to have - /// failed and will be remediated. + /// NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + /// to consider a Machine unhealthy if a corresponding Node isn't associated + /// through a `Spec.ProviderID` field. + /// + /// + /// The duration set in this field is compared to the greatest of: + /// - Cluster's infrastructure and control plane ready condition timestamp (if and when available) + /// - Machine's infrastructure ready condition timestamp (if and when available) + /// - Machine's metadata creation timestamp + /// + /// + /// Defaults to 10 minutes. /// If you wish to disable this feature, set the value explicitly to 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeStartupTimeout")] pub node_startup_timeout: Option, diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinehealthchecks.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinehealthchecks.rs index b4d3f5fa0..07be396a1 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinehealthchecks.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinehealthchecks.rs @@ -28,9 +28,18 @@ pub struct MachineHealthCheckSpec { /// "selector" are not healthy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUnhealthy")] pub max_unhealthy: Option, - /// Machines older than this duration without a node will be considered to have - /// failed and will be remediated. - /// If not set, this value is defaulted to 10 minutes. + /// NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + /// to consider a Machine unhealthy if a corresponding Node isn't associated + /// through a `Spec.ProviderID` field. + /// + /// + /// The duration set in this field is compared to the greatest of: + /// - Cluster's infrastructure and control plane ready condition timestamp (if and when available) + /// - Machine's infrastructure ready condition timestamp (if and when available) + /// - Machine's metadata creation timestamp + /// + /// + /// Defaults to 10 minutes. /// If you wish to disable this feature, set the value explicitly to 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeStartupTimeout")] pub node_startup_timeout: Option, diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs index 72f5f50a7..3435fb669 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs @@ -30,7 +30,6 @@ pub struct MachinePoolSpec { /// be ready. /// Defaults to 0 (machine instance will be considered available as soon as it /// is ready) - /// NOTE: No logic is implemented for this field and it currently has no behaviour. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] pub min_ready_seconds: Option, /// ProviderIDList are the identification IDs of machine instances provided by the provider. diff --git a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs index fd7070fb5..77606438c 100644 --- a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs +++ b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs @@ -93,13 +93,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsDependencyInterpretatio /// luaScript: > /// function GetDependencies(desiredObj) /// dependencies = {} - /// if desiredObj.spec.serviceAccountName ~= nil and desiredObj.spec.serviceAccountName ~= "default" then + /// serviceAccountName = desiredObj.spec.template.spec.serviceAccountName + /// if serviceAccountName ~= nil and serviceAccountName ~= "default" then /// dependency = {} /// dependency.apiVersion = "v1" /// dependency.kind = "ServiceAccount" - /// dependency.name = desiredObj.spec.serviceAccountName - /// dependency.namespace = desiredObj.namespace - /// dependencies[1] = {} + /// dependency.name = serviceAccountName + /// dependency.namespace = desiredObj.metadata.namespace /// dependencies[1] = dependency /// end /// return dependencies diff --git a/kube-custom-resources-rs/src/extensions_istio_io/v1alpha1/wasmplugins.rs b/kube-custom-resources-rs/src/extensions_istio_io/v1alpha1/wasmplugins.rs index baeef6c9d..0a1904419 100644 --- a/kube-custom-resources-rs/src/extensions_istio_io/v1alpha1/wasmplugins.rs +++ b/kube-custom-resources-rs/src/extensions_istio_io/v1alpha1/wasmplugins.rs @@ -147,11 +147,9 @@ pub struct WasmPluginTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -163,11 +161,9 @@ pub struct WasmPluginTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs index f982aa7d2..d2eff8e86 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs @@ -1159,6 +1159,9 @@ pub struct ClusterSecretStoreProviderGcpsm { /// Auth defines the information necessary to authenticate against GCP #[serde(default, skip_serializing_if = "Option::is_none")] pub auth: Option, + /// Location optionally defines a location for a secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub location: Option, /// ProjectID project where secret is located #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectID")] pub project_id: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs index 6ee8cabc0..813d05dd5 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs @@ -1160,6 +1160,9 @@ pub struct SecretStoreProviderGcpsm { /// Auth defines the information necessary to authenticate against GCP #[serde(default, skip_serializing_if = "Option::is_none")] pub auth: Option, + /// Location optionally defines a location for a secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub location: Option, /// ProjectID project where secret is located #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectID")] pub project_id: Option, diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs index 9b26598ef..7e7e9f4d7 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs @@ -69,10 +69,8 @@ pub struct FlowCollectorAgent { /// is set to `IPFIX`. #[serde(default, skip_serializing_if = "Option::is_none")] pub ipfix: Option, - /// `type` [deprecated (*)] selects the flows tracing agent. The only possible value is `eBPF` (default), to use NetObserv eBPF agent.
- /// Previously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
- /// Setting `IPFIX` is ignored and still use the eBPF Agent. - /// Since there is only a single option here, this field will be remove in a future API version. + /// `type` [deprecated (*)] selects the flows tracing agent. Previously, this field allowed to select between `eBPF` or `IPFIX`. + /// Only `eBPF` is allowed now, so this field is deprecated and is planned for removal in a future version of the API. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -116,7 +114,7 @@ pub struct FlowCollectorAgentEbpf { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, /// `interfaces` contains the interface names from where flows are collected. If empty, the agent - /// fetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces. + /// fetches all the interfaces in the system, excepting the ones listed in `excludeInterfaces`. /// An entry enclosed by slashes, such as `/br-/`, is matched as a regular expression. /// Otherwise it is matched as a case-sensitive string. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -157,36 +155,32 @@ pub struct FlowCollectorAgentEbpfAdvanced { /// in edge debug or support scenarios. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// scheduling controls whether the pod will be scheduled or not. + /// scheduling controls how the pods are scheduled on nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheduling: Option, } -/// scheduling controls whether the pod will be scheduled or not. +/// scheduling controls how the pods are scheduled on nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfAdvancedScheduling { - /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// NodeSelector is a selector which must be true for the pod to fit on a node. - /// Selector which must match a node's labels for the pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + /// `nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels. + /// For documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// If specified, indicates the pod's priority. "system-node-critical" and - /// "system-cluster-critical" are two special keywords which indicate the - /// highest priorities with the former being the highest priority. Any other - /// name must be defined by creating a PriorityClass object with that name. - /// If not specified, the pod priority will be default or zero if there is no - /// default. + /// If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. + /// If not specified, default priority is used, or zero if there is no default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "priorityClassName")] pub priority_class_name: Option, - /// tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// `tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub tolerations: Option>, } -/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling +/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfAdvancedSchedulingAffinity { /// Describes node affinity scheduling rules for the pod. @@ -920,45 +914,45 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingTolerations { /// `flowFilter` defines the eBPF agent configuration regarding flow filtering #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfFlowFilter { - /// Action defines the action to perform on the flows that match the filter. + /// `action` defines the action to perform on the flows that match the filter. #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, - /// CIDR defines the IP CIDR to filter flows by. - /// Example: 10.10.10.0/24 or 100:100:100:100::/64 + /// `cidr` defines the IP CIDR to filter flows by. + /// Examples: `10.10.10.0/24` or `100:100:100:100::/64` #[serde(default, skip_serializing_if = "Option::is_none")] pub cidr: Option, - /// DestPorts defines the destination ports to filter flows by. - /// To filter a single port, set a single port as an integer value. For example destPorts: 80. - /// To filter a range of ports, use a "start-end" range, string format. For example destPorts: "80-100". + /// `destPorts` defines the destination ports to filter flows by. + /// To filter a single port, set a single port as an integer value. For example: `destPorts: 80`. + /// To filter a range of ports, use a "start-end" range, string format. For example: `destPorts: "80-100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "destPorts")] pub dest_ports: Option, - /// Direction defines the direction to filter flows by. + /// `direction` defines the direction to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none")] pub direction: Option, /// Set `enable` to `true` to enable eBPF flow filtering feature. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, - /// ICMPCode defines the ICMP code to filter flows by. + /// `icmpCode` defines the ICMP code to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpCode")] pub icmp_code: Option, - /// ICMPType defines the ICMP type to filter flows by. + /// `icmpType` defines the ICMP type to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpType")] pub icmp_type: Option, - /// PeerIP defines the IP address to filter flows by. - /// Example: 10.10.10.10 + /// `peerIP` defines the IP address to filter flows by. + /// Example: `10.10.10.10`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "peerIP")] pub peer_ip: Option, - /// Ports defines the ports to filter flows by. it can be user for either source or destination ports. - /// To filter a single port, set a single port as an integer value. For example ports: 80. - /// To filter a range of ports, use a "start-end" range, string format. For example ports: "80-10 + /// `ports` defines the ports to filter flows by, used both for source and destination ports. + /// To filter a single port, set a single port as an integer value. For example: `ports: 80`. + /// To filter a range of ports, use a "start-end" range, string format. For example: `ports: "80-100"`. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option, - /// Protocol defines the protocol to filter flows by. + /// `protocol` defines the protocol to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// SourcePorts defines the source ports to filter flows by. - /// To filter a single port, set a single port as an integer value. For example sourcePorts: 80. - /// To filter a range of ports, use a "start-end" range, string format. For example sourcePorts: "80-100". + /// `sourcePorts` defines the source ports to filter flows by. + /// To filter a single port, set a single port as an integer value. For example: `sourcePorts: 80`. + /// To filter a range of ports, use a "start-end" range, string format. For example: `sourcePorts: "80-100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourcePorts")] pub source_ports: Option, } @@ -1029,7 +1023,7 @@ pub struct FlowCollectorAgentEbpfMetrics { /// `NetObservDroppedFlows`, which is triggered when the eBPF agent is dropping flows, such as when the BPF hashmap is full or the capacity limiter being triggered.
#[serde(default, skip_serializing_if = "Option::is_none", rename = "disableAlerts")] pub disable_alerts: Option>, - /// Set `enable` to `false` to disable eBPF agent metrics collection, by default it's `true`. + /// Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, /// Metrics server endpoint configuration for Prometheus scraper @@ -1040,7 +1034,7 @@ pub struct FlowCollectorAgentEbpfMetrics { /// Metrics server endpoint configuration for Prometheus scraper #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfMetricsServer { - /// The prometheus HTTP port + /// The metrics server HTTP port #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// TLS configuration. @@ -1292,36 +1286,32 @@ pub struct FlowCollectorConsolePluginAdvanced { /// `oc patch console.operator.openshift.io cluster --type='json' -p '[{"op": "add", "path": "/spec/plugins/-", "value": "netobserv-plugin"}]'` #[serde(default, skip_serializing_if = "Option::is_none")] pub register: Option, - /// scheduling controls whether the pod will be scheduled or not. + /// scheduling controls how the pods are scheduled on nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheduling: Option, } -/// scheduling controls whether the pod will be scheduled or not. +/// scheduling controls how the pods are scheduled on nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorConsolePluginAdvancedScheduling { - /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// NodeSelector is a selector which must be true for the pod to fit on a node. - /// Selector which must match a node's labels for the pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + /// `nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels. + /// For documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// If specified, indicates the pod's priority. "system-node-critical" and - /// "system-cluster-critical" are two special keywords which indicate the - /// highest priorities with the former being the highest priority. Any other - /// name must be defined by creating a PriorityClass object with that name. - /// If not specified, the pod priority will be default or zero if there is no - /// default. + /// If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. + /// If not specified, default priority is used, or zero if there is no default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "priorityClassName")] pub priority_class_name: Option, - /// tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// `tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub tolerations: Option>, } -/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling +/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorConsolePluginAdvancedSchedulingAffinity { /// Describes node affinity scheduling rules for the pod. @@ -2768,7 +2758,7 @@ pub struct FlowCollectorLoki { /// If they are both disabled, the Console plugin is not deployed. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, - /// Loki configuration for `LokiStack` mode. This is useful for an easy loki-operator configuration. + /// Loki configuration for `LokiStack` mode. This is useful for an easy Loki Operator configuration. /// It is ignored for other modes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lokiStack")] pub loki_stack: Option, @@ -2827,7 +2817,7 @@ pub struct FlowCollectorLokiAdvanced { pub write_min_backoff: Option, } -/// Loki configuration for `LokiStack` mode. This is useful for an easy loki-operator configuration. +/// Loki configuration for `LokiStack` mode. This is useful for an easy Loki Operator configuration. /// It is ignored for other modes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorLokiLokiStack { @@ -3298,7 +3288,7 @@ pub struct FlowCollectorProcessor { /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. + /// `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. /// When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "subnetLabels")] pub subnet_labels: Option, @@ -3342,36 +3332,32 @@ pub struct FlowCollectorProcessorAdvanced { /// `profilePort` allows setting up a Go pprof profiler listening to this port #[serde(default, skip_serializing_if = "Option::is_none", rename = "profilePort")] pub profile_port: Option, - /// scheduling controls whether the pod will be scheduled or not. + /// scheduling controls how the pods are scheduled on nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheduling: Option, } -/// scheduling controls whether the pod will be scheduled or not. +/// scheduling controls how the pods are scheduled on nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorProcessorAdvancedScheduling { - /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + /// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// NodeSelector is a selector which must be true for the pod to fit on a node. - /// Selector which must match a node's labels for the pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + /// `nodeSelector` allows to schedule pods only onto nodes that have each of the specified labels. + /// For documentation, refer to https://kubernetes.io/docs/concepts/configuration/assign-pod-node/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// If specified, indicates the pod's priority. "system-node-critical" and - /// "system-cluster-critical" are two special keywords which indicate the - /// highest priorities with the former being the highest priority. Any other - /// name must be defined by creating a PriorityClass object with that name. - /// If not specified, the pod priority will be default or zero if there is no - /// default. + /// If specified, indicates the pod's priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. + /// If not specified, default priority is used, or zero if there is no default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "priorityClassName")] pub priority_class_name: Option, - /// tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// `tolerations` is a list of tolerations that allow the pod to schedule onto nodes with matching taints. + /// For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[serde(default, skip_serializing_if = "Option::is_none")] pub tolerations: Option>, } -/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling +/// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorProcessorAdvancedSchedulingAffinity { /// Describes node affinity scheduling rules for the pod. @@ -4386,7 +4372,7 @@ pub struct FlowCollectorProcessorMetrics { /// Metrics server endpoint configuration for Prometheus scraper #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorProcessorMetricsServer { - /// The prometheus HTTP port + /// The metrics server HTTP port #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// TLS configuration. @@ -4516,7 +4502,7 @@ pub struct FlowCollectorProcessorResourcesClaims { pub name: String, } -/// `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. +/// `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. /// When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorProcessorSubnetLabels { @@ -4553,7 +4539,8 @@ pub struct FlowCollectorPrometheus { /// Prometheus querying configuration, such as client settings, used in the Console plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorPrometheusQuerier { - /// Set `enable` to `true` to make the Console plugin querying flow metrics from Prometheus instead of Loki whenever possible. + /// When `enable` is `true`, the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible. + /// It is enbaled by default: set it to `false` to disable this feature. /// The Console plugin can use either Loki or Prometheus as a data source for metrics (see also `spec.loki`), or both. /// Not all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well, /// such as getting per-pod information or viewing raw flows. diff --git a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/clusteroutputs.rs b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/clusteroutputs.rs index 4454f2760..a7cd4f903 100644 --- a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/clusteroutputs.rs @@ -41,6 +41,9 @@ pub struct ClusterOutputOutputs { /// out_es plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch: Option, + /// out_es datastreams plugin + #[serde(default, skip_serializing_if = "Option::is_none", rename = "elasticsearchDataStream")] + pub elasticsearch_data_stream: Option, /// format section #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -737,6 +740,201 @@ pub struct ClusterOutputOutputsElasticsearchUserValueFromSecretKeyRef { pub optional: Option, } +/// out_es datastreams plugin +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStream { + /// Optional, Absolute path to CA certificate file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caFile")] + pub ca_file: Option, + /// Optional, Absolute path to client Certificate file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] + pub client_cert: Option, + /// Optional, Absolute path to client private Key file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] + pub client_key: Option, + /// Optional, password for ClientKey file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKeyPassword")] + pub client_key_password: Option, + /// Authenticate towards Elastic Cloud using cloudAuth. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudAuth")] + pub cloud_auth: Option, + /// Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudId")] + pub cloud_id: Option, + /// You can specify Elasticsearch data stream name by this parameter. This parameter is mandatory for elasticsearch_data_stream + #[serde(rename = "dataStreamName")] + pub data_stream_name: String, + /// The hostname of your Elasticsearch node (default: localhost). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// Hosts defines a list of hosts if you want to connect to more than one Elasticsearch nodes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hosts: Option, + /// Optional, The login credentials to connect to Elasticsearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// Path defines the REST API endpoint of Elasticsearch to post write requests (default: nil). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// The port number of your Elasticsearch node (default: 9200). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Specify https if your Elasticsearch endpoint supports SSL (default: http). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scheme: Option, + /// Optional, Force certificate validation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslVerify")] + pub ssl_verify: Option, + /// Optional, The login credentials to connect to Elasticsearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Optional, password for ClientKey file +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamClientKeyPassword { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamClientKeyPasswordValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamClientKeyPasswordValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Authenticate towards Elastic Cloud using cloudAuth. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudAuth { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudAuthValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudAuthValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudId { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudIdValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamCloudIdValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional, The login credentials to connect to Elasticsearch +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamPassword { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamPasswordValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamPasswordValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional, The login credentials to connect to Elasticsearch +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamUser { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamUserValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOutputOutputsElasticsearchDataStreamUserValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// format section #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOutputOutputsFormat { diff --git a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/outputs.rs b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/outputs.rs index af7b19aa7..535c47a8a 100644 --- a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/outputs.rs +++ b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/outputs.rs @@ -42,6 +42,9 @@ pub struct OutputOutputs { /// out_es plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch: Option, + /// out_es datastreams plugin + #[serde(default, skip_serializing_if = "Option::is_none", rename = "elasticsearchDataStream")] + pub elasticsearch_data_stream: Option, /// format section #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -738,6 +741,201 @@ pub struct OutputOutputsElasticsearchUserValueFromSecretKeyRef { pub optional: Option, } +/// out_es datastreams plugin +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStream { + /// Optional, Absolute path to CA certificate file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caFile")] + pub ca_file: Option, + /// Optional, Absolute path to client Certificate file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] + pub client_cert: Option, + /// Optional, Absolute path to client private Key file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] + pub client_key: Option, + /// Optional, password for ClientKey file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKeyPassword")] + pub client_key_password: Option, + /// Authenticate towards Elastic Cloud using cloudAuth. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudAuth")] + pub cloud_auth: Option, + /// Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudId")] + pub cloud_id: Option, + /// You can specify Elasticsearch data stream name by this parameter. This parameter is mandatory for elasticsearch_data_stream + #[serde(rename = "dataStreamName")] + pub data_stream_name: String, + /// The hostname of your Elasticsearch node (default: localhost). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// Hosts defines a list of hosts if you want to connect to more than one Elasticsearch nodes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hosts: Option, + /// Optional, The login credentials to connect to Elasticsearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// Path defines the REST API endpoint of Elasticsearch to post write requests (default: nil). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// The port number of your Elasticsearch node (default: 9200). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Specify https if your Elasticsearch endpoint supports SSL (default: http). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scheme: Option, + /// Optional, Force certificate validation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslVerify")] + pub ssl_verify: Option, + /// Optional, The login credentials to connect to Elasticsearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Optional, password for ClientKey file +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamClientKeyPassword { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamClientKeyPasswordValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamClientKeyPasswordValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Authenticate towards Elastic Cloud using cloudAuth. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudAuth { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudAuthValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudAuthValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Authenticate towards Elastic Cloud using CloudId. If set, cloudAuth must be set as well and host, port, user and password are ignored. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudId { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudIdValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamCloudIdValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional, The login credentials to connect to Elasticsearch +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamPassword { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamPasswordValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamPasswordValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional, The login credentials to connect to Elasticsearch +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamUser { + /// ValueSource defines how to find a value's key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// ValueSource defines how to find a value's key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamUserValueFrom { + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OutputOutputsElasticsearchDataStreamUserValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// format section #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OutputOutputsFormat { diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/hosts.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/hosts.rs index 257bd39d2..245df1747 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/hosts.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/hosts.rs @@ -19,16 +19,21 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct HostSpec { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, /// IP address used for disk transfer. #[serde(rename = "ipAddress")] pub ip_address: String, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Provider @@ -46,22 +51,34 @@ pub struct HostProvider { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -72,22 +89,34 @@ pub struct HostSecret { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs index 7e756f210..9930a0b64 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs @@ -23,23 +23,30 @@ pub struct MigrationSpec { /// List of VMs which will have their imports canceled. #[serde(default, skip_serializing_if = "Option::is_none")] pub cancel: Option>, - /// Date and time to finalize a warm migration. If present, this will override the value set on the Plan. + /// Date and time to finalize a warm migration. + /// If present, this will override the value set on the Plan. #[serde(default, skip_serializing_if = "Option::is_none")] pub cutover: Option, /// Reference to the associated Plan. pub plan: MigrationPlan, } -/// Source reference. Either the ID or Name must be specified. +/// Source reference. +/// Either the ID or Name must be specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MigrationCancel { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. @@ -53,22 +60,34 @@ pub struct MigrationPlan { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -111,13 +130,18 @@ pub struct MigrationStatusVms { /// Enable hooks. #[serde(default, skip_serializing_if = "Option::is_none")] pub hooks: Option>, - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Phase @@ -160,22 +184,34 @@ pub struct MigrationStatusVmsHooksHook { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/networkmaps.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/networkmaps.rs index 9315b9805..2cf2f4805 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/networkmaps.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/networkmaps.rs @@ -60,13 +60,18 @@ pub enum NetworkMapMapDestinationType { /// Source network. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NetworkMapMapSource { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. @@ -89,22 +94,34 @@ pub struct NetworkMapProviderDestination { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -115,22 +132,34 @@ pub struct NetworkMapProviderSource { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -148,16 +177,22 @@ pub struct NetworkMapStatus { pub references: Option>, } -/// Source reference. Either the ID or Name must be specified. +/// Source reference. +/// Either the ID or Name must be specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NetworkMapStatusReferences { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/openstackvolumepopulators.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/openstackvolumepopulators.rs index 8df7f093d..52a064558 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/openstackvolumepopulators.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/openstackvolumepopulators.rs @@ -33,22 +33,34 @@ pub struct OpenstackVolumePopulatorTransferNetwork { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/ovirtvolumepopulators.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/ovirtvolumepopulators.rs index b4ee18391..28ce869a1 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/ovirtvolumepopulators.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/ovirtvolumepopulators.rs @@ -33,22 +33,34 @@ pub struct OvirtVolumePopulatorTransferNetwork { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs index d6754cedc..c3d9bff75 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs @@ -64,22 +64,34 @@ pub struct PlanMapNetwork { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -90,22 +102,34 @@ pub struct PlanMapStorage { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -125,22 +149,34 @@ pub struct PlanProviderDestination { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -151,22 +187,34 @@ pub struct PlanProviderSource { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -177,22 +225,34 @@ pub struct PlanTransferNetwork { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -203,13 +263,18 @@ pub struct PlanVms { /// Enable hooks. #[serde(default, skip_serializing_if = "Option::is_none")] pub hooks: Option>, - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. @@ -232,22 +297,34 @@ pub struct PlanVmsHooksHook { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -314,7 +391,9 @@ pub struct PlanStatusMigrationHistoryMapNetwork { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -324,7 +403,9 @@ pub struct PlanStatusMigrationHistoryMapStorage { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -334,7 +415,9 @@ pub struct PlanStatusMigrationHistoryMigration { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -344,7 +427,9 @@ pub struct PlanStatusMigrationHistoryPlan { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -363,7 +448,9 @@ pub struct PlanStatusMigrationHistoryProviderDestination { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -373,7 +460,9 @@ pub struct PlanStatusMigrationHistoryProviderSource { pub generation: i64, pub name: String, pub namespace: String, - /// UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + /// UID is a type that holds unique ID values, including UUIDs. Because we + /// don't ONLY use UUIDs, this is an alias to string. Being a type captures + /// intent and helps make sure that UIDs and names do not get conflated. pub uid: String, } @@ -395,13 +484,18 @@ pub struct PlanStatusMigrationVms { /// Enable hooks. #[serde(default, skip_serializing_if = "Option::is_none")] pub hooks: Option>, - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Phase @@ -444,22 +538,34 @@ pub struct PlanStatusMigrationVmsHooksHook { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/providers.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/providers.rs index 32c6a8f19..66b8fc3d9 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/providers.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/providers.rs @@ -20,7 +20,8 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ProviderSpec { - /// References a secret containing credentials and other confidential information. + /// References a secret containing credentials and + /// other confidential information. pub secret: ProviderSecret, /// Provider settings. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -28,33 +29,47 @@ pub struct ProviderSpec { /// Provider type. #[serde(rename = "type")] pub r#type: String, - /// The provider URL. Empty may be used for the `host` provider. + /// The provider URL. + /// Empty may be used for the `host` provider. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, } -/// References a secret containing credentials and other confidential information. +/// References a secret containing credentials and +/// other confidential information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProviderSecret { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/storagemaps.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/storagemaps.rs index 3092ddf24..68a6783aa 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/storagemaps.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/storagemaps.rs @@ -66,13 +66,18 @@ pub enum StorageMapMapDestinationVolumeMode { /// Source storage. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct StorageMapMapSource { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. @@ -95,22 +100,34 @@ pub struct StorageMapProviderDestination { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -121,22 +138,34 @@ pub struct StorageMapProviderSource { /// API version of the referent. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, - /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] pub resource_version: Option, - /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, } @@ -154,16 +183,22 @@ pub struct StorageMapStatus { pub references: Option>, } -/// Source reference. Either the ID or Name must be specified. +/// Source reference. +/// Either the ID or Name must be specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct StorageMapStatusReferences { - /// The object ID. vsphere: The managed object ID. + /// The object ID. + /// vsphere: + /// The managed object ID. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// An object Name. vsphere: A qualified name. + /// An object Name. + /// vsphere: + /// A qualified name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// The VM Namespace Only relevant for an openshift source. + /// The VM Namespace + /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Type used to qualify the name. diff --git a/kube-custom-resources-rs/src/hazelcast_com/v1alpha1/hazelcasts.rs b/kube-custom-resources-rs/src/hazelcast_com/v1alpha1/hazelcasts.rs index d174663f6..462936b01 100644 --- a/kube-custom-resources-rs/src/hazelcast_com/v1alpha1/hazelcasts.rs +++ b/kube-custom-resources-rs/src/hazelcast_com/v1alpha1/hazelcasts.rs @@ -44,6 +44,9 @@ pub struct HazelcastSpec { /// Durable Executor Service configurations, see https://docs.hazelcast.com/hazelcast/latest/computing/durable-executor-service #[serde(default, skip_serializing_if = "Option::is_none", rename = "durableExecutorServices")] pub durable_executor_services: Option>, + /// Env configuration of environment variables + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, /// Java Executor Service configurations, see https://docs.hazelcast.com/hazelcast/latest/computing/executor-service #[serde(default, skip_serializing_if = "Option::is_none", rename = "executorServices")] pub executor_services: Option>, @@ -256,6 +259,86 @@ pub struct HazelcastDurableExecutorServices { pub user_code_namespace: Option, } +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HazelcastEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HazelcastExecutorServices { /// The name of the executor service diff --git a/kube-custom-resources-rs/src/hyperfoil_io/v1alpha2/hyperfoils.rs b/kube-custom-resources-rs/src/hyperfoil_io/v1alpha2/hyperfoils.rs index ab01c25ef..3e796a04b 100644 --- a/kube-custom-resources-rs/src/hyperfoil_io/v1alpha2/hyperfoils.rs +++ b/kube-custom-resources-rs/src/hyperfoil_io/v1alpha2/hyperfoils.rs @@ -9,7 +9,7 @@ mod prelude { } use self::prelude::*; -/// HyperfoilSpec Configures Hyperfoil Controller and related resources. +/// HyperfoilSpec defines the desired state of Hyperfoil.It Configures Hyperfoil Controller and related resources. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "hyperfoil.io", version = "v1alpha2", kind = "Hyperfoil", plural = "hyperfoils")] #[kube(namespaced)] @@ -45,13 +45,21 @@ pub struct HyperfoilSpec { /// Specification of the exposed route. This setting is ignored when Openshift Routes are not available (on vanilla Kubernetes). #[serde(default, skip_serializing_if = "Option::is_none")] pub route: Option, - /// List of secrets in this namespace; each entry from those secrets will be mapped as environment variable, using the key as variable name. + /// List of secrets in this namespace; each entry from those secrets will be mapped + /// as environment variable, using the key as variable name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretEnvVars")] pub secret_env_vars: Option>, - /// Type of the service being exposed. By default this is ClusterIP if Openshift Route resource is available (the route will target this service). If Openshift Routes are not available (on vanilla Kubernetes) the default is NodePort. + /// Type of the service being exposed. By default this is ClusterIP if Openshift Route resource is available (the route will target this service). + /// If Openshift Routes are not available (on vanilla Kubernetes) the default is NodePort. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] pub service_type: Option, - /// If this is set the controller does not start benchmark run right away after hitting /benchmark/my-benchmark/start ; instead it responds with status 301 and header Location set to concatenation of this string and 'BENCHMARK=my-benchmark&RUN_ID=xxxx'. CLI interprets that response as a request to hit CI instance on this URL, assuming that CI will trigger a new job that will eventually call /benchmark/my-benchmark/start?runId=xxxx with header 'x-trigger-job'. This is useful if the the CI has to synchronize Hyperfoil to other benchmarks that don't use this controller instance. + /// If this is set the controller does not start benchmark run right away after hitting + /// /benchmark/my-benchmark/start ; instead it responds with status 301 and header Location + /// set to concatenation of this string and 'BENCHMARK=my-benchmark&RUN_ID=xxxx'. + /// CLI interprets that response as a request to hit CI instance on this URL, assuming that + /// CI will trigger a new job that will eventually call /benchmark/my-benchmark/start?runId=xxxx + /// with header 'x-trigger-job'. This is useful if the the CI has to synchronize Hyperfoil + /// to other benchmarks that don't use this controller instance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "triggerUrl")] pub trigger_url: Option, /// Tag for controller image. Defaults to version matching the operator version. diff --git a/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs b/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs index c26ecb152..39bbd6adf 100644 --- a/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs +++ b/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs @@ -629,6 +629,10 @@ pub struct InfinispanScheduling { /// Affinity is a group of affinity scheduling rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, } /// Affinity is a group of affinity scheduling rules. @@ -1037,6 +1041,71 @@ pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIg pub values: Option>, } +/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InfinispanSchedulingTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InfinispanSchedulingTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InfinispanSchedulingTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InfinispanSchedulingTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// InfinispanSecurity info for the user application connection #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSecurity { diff --git a/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha1/terraforms.rs b/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha1/terraforms.rs index 8209e4d81..284a132b0 100644 --- a/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha1/terraforms.rs +++ b/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha1/terraforms.rs @@ -23,7 +23,8 @@ pub struct TerraformSpec { /// Clean the runner pod up after each reconciliation cycle #[serde(default, skip_serializing_if = "Option::is_none", rename = "alwaysCleanupRunnerPod")] pub always_cleanup_runner_pod: Option, - /// ApprovePlan specifies name of a plan wanted to approve. If its value is "auto", the controller will automatically approve every plan. + /// ApprovePlan specifies name of a plan wanted to approve. + /// If its value is "auto", the controller will automatically approve every plan. #[serde(default, skip_serializing_if = "Option::is_none", rename = "approvePlan")] pub approve_plan: Option, /// BackendConfigSpec is for specifying configuration for Terraform's Kubernetes backend @@ -31,10 +32,12 @@ pub struct TerraformSpec { pub backend_config: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendConfigsFrom")] pub backend_configs_from: Option>, - /// BreakTheGlass specifies if the reconciliation should stop and allow interactive shell in case of emergency. + /// BreakTheGlass specifies if the reconciliation should stop + /// and allow interactive shell in case of emergency. #[serde(default, skip_serializing_if = "Option::is_none", rename = "breakTheGlass")] pub break_the_glass: Option, - /// SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace + /// SecretReference represents a Secret Reference. It has enough information to retrieve secret + /// in any namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "cliConfigSecretRef")] pub cli_config_secret_ref: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -44,10 +47,12 @@ pub struct TerraformSpec { /// Destroy produces a destroy plan. Applying the plan will destroy all resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub destroy: Option, - /// Create destroy plan and apply it to destroy terraform resources upon deletion of this object. Defaults to false. + /// Create destroy plan and apply it to destroy terraform resources + /// upon deletion of this object. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "destroyResourcesOnDeletion")] pub destroy_resources_on_deletion: Option, - /// Disable automatic drift detection. Drift detection may be resource intensive in the context of a large cluster or complex Terraform statefile. Defaults to false. + /// Disable automatic drift detection. Drift detection may be resource intensive in + /// the context of a large cluster or complex Terraform statefile. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableDriftDetection")] pub disable_drift_detection: Option, /// EnableInventory enables the object to store resource entries as the inventory for external use. @@ -59,7 +64,8 @@ pub struct TerraformSpec { /// List of all configuration files to be created in initialization. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileMappings")] pub file_mappings: Option>, - /// Force instructs the controller to unconditionally re-plan and re-apply TF resources. Defaults to false. + /// Force instructs the controller to unconditionally + /// re-plan and re-apply TF resources. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, /// List of health checks to be performed. @@ -70,7 +76,8 @@ pub struct TerraformSpec { /// Parallelism limits the number of concurrent operations of Terraform apply step. Zero (0) means using the default value. #[serde(default, skip_serializing_if = "Option::is_none")] pub parallelism: Option, - /// Path to the directory containing Terraform (.tf) files. Defaults to 'None', which translates to the root path of the SourceRef. + /// Path to the directory containing Terraform (.tf) files. + /// Defaults to 'None', which translates to the root path of the SourceRef. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readInputsFromSecrets")] @@ -78,15 +85,19 @@ pub struct TerraformSpec { /// RefreshBeforeApply forces refreshing of the state before the apply step. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshBeforeApply")] pub refresh_before_apply: Option, - /// The interval at which to retry a previously failed reconciliation. The default value is 15 when not specified. + /// The interval at which to retry a previously failed reconciliation. + /// The default value is 15 when not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryInterval")] pub retry_interval: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "runnerPodTemplate")] pub runner_pod_template: Option, - /// Configure the termination grace period for the runner pod. Use this parameter to allow the Terraform process to gracefully shutdown. Consider increasing for large, complex or slow-moving Terraform managed resources. + /// Configure the termination grace period for the runner pod. Use this parameter + /// to allow the Terraform process to gracefully shutdown. Consider increasing for + /// large, complex or slow-moving Terraform managed resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runnerTerminationGracePeriodSeconds")] pub runner_termination_grace_period_seconds: Option, - /// Name of a ServiceAccount for the runner Pod to provision Terraform resources. Default to tf-runner. + /// Name of a ServiceAccount for the runner Pod to provision Terraform resources. + /// Default to tf-runner. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] pub service_account_name: Option, /// SourceRef is the reference of the source where the Terraform files are stored. @@ -95,7 +106,8 @@ pub struct TerraformSpec { /// StoreReadablePlan enables storing the plan in a readable format. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storeReadablePlan")] pub store_readable_plan: Option, - /// Suspend is to tell the controller to suspend subsequent TF executions, it does not apply to already started executions. Defaults to false. + /// Suspend is to tell the controller to suspend subsequent TF executions, + /// it does not apply to already started executions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub suspend: Option, /// Targets specify the resource, module or collection of resources to target. @@ -104,13 +116,17 @@ pub struct TerraformSpec { /// TFStateSpec allows the user to set ForceUnlock #[serde(default, skip_serializing_if = "Option::is_none")] pub tfstate: Option, - /// Values map to the Terraform variable "values", which is an object of arbitrary values. It is a convenient way to pass values to Terraform resources without having to define a variable for each value. To use this feature, your Terraform file must define the variable "values". + /// Values map to the Terraform variable "values", which is an object of arbitrary values. + /// It is a convenient way to pass values to Terraform resources without having to define + /// a variable for each value. To use this feature, your Terraform file must define the variable "values". #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option, /// List of input variables to set for the Terraform program. #[serde(default, skip_serializing_if = "Option::is_none")] pub vars: Option>, - /// List of references to a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. Values of the later Secret / ConfigMap with the same keys will override those of the former. + /// List of references to a Secret or a ConfigMap to generate variables for + /// Terraform resources based on its data, selectively by varsKey. Values of the later + /// Secret / ConfigMap with the same keys will override those of the former. #[serde(default, skip_serializing_if = "Option::is_none", rename = "varsFrom")] pub vars_from: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -147,9 +163,12 @@ pub struct TerraformBackendConfigsFrom { pub keys: Option>, /// Kind of the values referent, valid values are ('Secret', 'ConfigMap'). pub kind: TerraformBackendConfigsFromKind, - /// Name of the configs referent. Should reside in the same namespace as the referring resource. + /// Name of the configs referent. Should reside in the same namespace as the + /// referring resource. pub name: String, - /// Optional marks this BackendConfigsReference as optional. When set, a not found error for the values reference is ignored, but any Key or transient error will still result in a reconciliation failure. + /// Optional marks this BackendConfigsReference as optional. When set, a not found error + /// for the values reference is ignored, but any Key or + /// transient error will still result in a reconciliation failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -160,7 +179,8 @@ pub enum TerraformBackendConfigsFromKind { ConfigMap, } -/// SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace +/// SecretReference represents a Secret Reference. It has enough information to retrieve secret +/// in any namespace #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformCliConfigSecretRef { /// name is unique within a namespace to reference a secret resource. @@ -189,7 +209,8 @@ pub struct TerraformCloudWorkspaces { pub tags: Option>, } -/// NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace. +/// NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any +/// namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformDependsOn { /// Name of the referent. @@ -228,26 +249,36 @@ pub struct TerraformFileMappingsSecretRef { pub name: String, } -/// HealthCheck contains configuration needed to perform a health check after terraform is applied. +/// HealthCheck contains configuration needed to perform a health check after +/// terraform is applied. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct TerraformHealthChecks { - /// Address to perform tcp health check on. Required when tcp type is specified. Go template can be used to reference values from the terraform output (e.g. 127.0.0.1:8080, {{.address}}:{{.port}}). + /// Address to perform tcp health check on. Required when tcp type is specified. + /// Go template can be used to reference values from the terraform output + /// (e.g. 127.0.0.1:8080, {{.address}}:{{.port}}). #[serde(default, skip_serializing_if = "Option::is_none")] pub address: Option, /// Name of the health check. pub name: String, - /// The timeout period at which the connection should timeout if unable to complete the request. When not specified, default 20s timeout is used. + /// The timeout period at which the connection should timeout if unable to + /// complete the request. + /// When not specified, default 20s timeout is used. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, - /// Type of the health check, valid values are ('tcp', 'http'). If tcp is specified, address is required. If http is specified, url is required. + /// Type of the health check, valid values are ('tcp', 'http'). + /// If tcp is specified, address is required. + /// If http is specified, url is required. #[serde(rename = "type")] pub r#type: TerraformHealthChecksType, - /// URL to perform http health check on. Required when http type is specified. Go template can be used to reference values from the terraform output (e.g. https://example.org, {{.output_url}}). + /// URL to perform http health check on. Required when http type is specified. + /// Go template can be used to reference values from the terraform output + /// (e.g. https://example.org, {{.output_url}}). #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, } -/// HealthCheck contains configuration needed to perform a health check after terraform is applied. +/// HealthCheck contains configuration needed to perform a health check after +/// terraform is applied. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum TerraformHealthChecksType { #[serde(rename = "tcp")] @@ -286,10 +317,16 @@ pub struct TerraformRunnerPodTemplateSpec { /// Set the Affinity for the Runner Pod #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// List of environment variables to set in the container. Cannot be updated. + /// List of environment variables to set in the container. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + /// List of sources to populate environment variables in the container. + /// The keys defined within a source must be a C_IDENTIFIER. All invalid keys + /// will be reported as an event when the container is starting. When a key exists in multiple + /// sources, the value associated with the last source will take precedence. + /// Values defined by an Env with a duplicate key will take precedence. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, /// Runner pod image to use other than default @@ -329,15 +366,28 @@ pub struct TerraformRunnerPodTemplateSpecAffinity { /// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -357,31 +407,47 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSche pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -389,7 +455,9 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -400,26 +468,38 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -427,10 +507,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -441,7 +535,8 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -451,13 +546,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -468,59 +574,93 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -531,42 +671,60 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -574,10 +732,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -588,7 +760,8 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -598,13 +771,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -615,59 +799,93 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -678,42 +896,60 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -723,7 +959,15 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc pub struct TerraformRunnerPodTemplateSpecEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -737,10 +981,12 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -753,7 +999,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFrom { pub struct TerraformRunnerPodTemplateSpecEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -761,7 +1009,8 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -772,7 +1021,8 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -790,7 +1040,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromResourceFieldRef { pub struct TerraformRunnerPodTemplateSpecEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -815,7 +1067,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvFrom { /// The ConfigMap to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvFromConfigMapRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -826,7 +1080,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvFromConfigMapRef { /// The Secret to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvFromSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -837,72 +1093,149 @@ pub struct TerraformRunnerPodTemplateSpecEnvFromSecretRef { /// A single application container that you want to run within a pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainers { - /// Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + /// Arguments to the entrypoint. + /// The container image's CMD is used if this is not provided. + /// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + /// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + /// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + /// of whether the variable exists or not. Cannot be updated. + /// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + /// Entrypoint array. Not executed within a shell. + /// The container image's ENTRYPOINT is used if this is not provided. + /// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + /// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + /// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + /// of whether the variable exists or not. Cannot be updated. + /// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// List of environment variables to set in the container. Cannot be updated. + /// List of environment variables to set in the container. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + /// List of sources to populate environment variables in the container. + /// The keys defined within a source must be a C_IDENTIFIER. All invalid keys + /// will be reported as an event when the container is starting. When a key exists in multiple + /// sources, the value associated with the last source will take precedence. + /// Values defined by an Env with a duplicate key will take precedence. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, - /// Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. + /// Container image name. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + /// Image pull policy. + /// One of Always, Never, IfNotPresent. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/containers/images#updating-images #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, - /// Actions that the management system should take in response to container lifecycle events. Cannot be updated. + /// Actions that the management system should take in response to container lifecycle events. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub lifecycle: Option, - /// Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Periodic probe of container liveness. + /// Container will be restarted if the probe fails. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] pub liveness_probe: Option, - /// Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + /// Name of the container specified as a DNS_LABEL. + /// Each container in a pod must have a unique name (DNS_LABEL). + /// Cannot be updated. pub name: String, - /// List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. + /// List of ports to expose from the container. Not specifying a port here + /// DOES NOT prevent that port from being exposed. Any port which is + /// listening on the default "0.0.0.0" address inside a container will be + /// accessible from the network. + /// Modifying this array with strategic merge patch may corrupt the data. + /// For more information See https://github.com/kubernetes/kubernetes/issues/108255. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, - /// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Periodic probe of container service readiness. + /// Container will be removed from service endpoints if the probe fails. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, /// Resources resize policy for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] pub resize_policy: Option>, - /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Compute Resources required by this container. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + /// SecurityContext defines the security options the container should be run with. + /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, - /// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// StartupProbe indicates that the Pod has successfully initialized. + /// If specified, no other probes are executed until this completes successfully. + /// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + /// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + /// when it might take a long time to load data or warm a cache, than during steady-state operation. + /// This cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] pub startup_probe: Option, - /// Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + /// Whether this container should allocate a buffer for stdin in the container runtime. If this + /// is not set, reads from stdin in the container will always result in EOF. + /// Default is false. #[serde(default, skip_serializing_if = "Option::is_none")] pub stdin: Option, - /// Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + /// Whether the container runtime should close the stdin channel after it has been opened by + /// a single attach. When stdin is true the stdin stream will remain open across multiple attach + /// sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + /// first client attaches to stdin, and then remains open and accepts data until the client disconnects, + /// at which time stdin is closed and remains closed until the container is restarted. If this + /// flag is false, a container processes that reads from stdin will never receive an EOF. + /// Default is false #[serde(default, skip_serializing_if = "Option::is_none", rename = "stdinOnce")] pub stdin_once: Option, - /// Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. + /// Optional: Path at which the file to which the container's termination message + /// will be written is mounted into the container's filesystem. + /// Message written is intended to be brief final status, such as an assertion failure message. + /// Will be truncated by the node if greater than 4096 bytes. The total message length across + /// all containers will be limited to 12kb. + /// Defaults to /dev/termination-log. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationMessagePath")] pub termination_message_path: Option, - /// Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + /// Indicate how the termination message should be populated. File will use the contents of + /// terminationMessagePath to populate the container status message on both success and failure. + /// FallbackToLogsOnError will use the last chunk of container log output if the termination + /// message file is empty and the container exited with an error. + /// The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + /// Defaults to File. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationMessagePolicy")] pub termination_message_policy: Option, - /// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + /// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + /// Default is false. #[serde(default, skip_serializing_if = "Option::is_none")] pub tty: Option, /// volumeDevices is the list of block devices to be used by the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeDevices")] pub volume_devices: Option>, - /// Pod volumes to mount into the container's filesystem. Cannot be updated. + /// Pod volumes to mount into the container's filesystem. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] pub volume_mounts: Option>, - /// Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + /// Container's working directory. + /// If not specified, the container runtime's default will be used, which + /// might be configured in the container image. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workingDir")] pub working_dir: Option, } @@ -912,7 +1245,15 @@ pub struct TerraformRunnerPodTemplateSpecInitContainers { pub struct TerraformRunnerPodTemplateSpecInitContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -926,10 +1267,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -942,7 +1285,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFrom { pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -950,7 +1295,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyR pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -961,7 +1307,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -979,7 +1326,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromResourceField pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1004,7 +1353,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFrom { /// The ConfigMap to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromConfigMapRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1015,7 +1366,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromConfigMapRef { /// The Secret to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1023,18 +1376,33 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromSecretRef { pub optional: Option, } -/// Actions that the management system should take in response to container lifecycle events. Cannot be updated. +/// Actions that the management system should take in response to container lifecycle events. +/// Cannot be updated. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecycle { - /// PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + /// PostStart is called immediately after a container is created. If the handler fails, + /// the container is terminated and restarted according to its restart policy. + /// Other management of the container blocks until the hook completes. + /// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[serde(default, skip_serializing_if = "Option::is_none", rename = "postStart")] pub post_start: Option, - /// PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + /// PreStop is called immediately before a container is terminated due to an + /// API request or management event such as liveness/startup probe failure, + /// preemption, resource contention, etc. The handler is not called if the + /// container crashes or exits. The Pod's termination grace period countdown begins before the + /// PreStop hook is executed. Regardless of the outcome of the handler, the + /// container will eventually terminate within the Pod's termination grace + /// period (unless delayed by finalizers). Other management of the container blocks until the hook completes + /// or until the termination grace period is reached. + /// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[serde(default, skip_serializing_if = "Option::is_none", rename = "preStop")] pub pre_stop: Option, } -/// PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +/// PostStart is called immediately after a container is created. If the handler fails, +/// the container is terminated and restarted according to its restart policy. +/// Other management of the container blocks until the hook completes. +/// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// Exec specifies the action to take. @@ -1043,7 +1411,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + /// for the backward compatibility. There are no validation of this field and + /// lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, } @@ -1051,7 +1421,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1059,7 +1433,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartExec { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1068,9 +1443,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1078,23 +1456,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } -/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +/// for the backward compatibility. There are no validation of this field and +/// lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } -/// PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +/// PreStop is called immediately before a container is terminated due to an +/// API request or management event such as liveness/startup probe failure, +/// preemption, resource contention, etc. The handler is not called if the +/// container crashes or exits. The Pod's termination grace period countdown begins before the +/// PreStop hook is executed. Regardless of the outcome of the handler, the +/// container will eventually terminate within the Pod's termination grace +/// period (unless delayed by finalizers). Other management of the container blocks until the hook completes +/// or until the termination grace period is reached. +/// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// Exec specifies the action to take. @@ -1103,7 +1494,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + /// for the backward compatibility. There are no validation of this field and + /// lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, } @@ -1111,7 +1504,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1119,7 +1516,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopExec { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1128,9 +1526,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1138,29 +1539,38 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } -/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +/// for the backward compatibility. There are no validation of this field and +/// lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } -/// Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// Periodic probe of container liveness. +/// Container will be restarted if the probe fails. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1169,22 +1579,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1192,7 +1616,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1202,8 +1630,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1211,7 +1642,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1220,9 +1652,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1230,7 +1665,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1242,37 +1678,50 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } /// ContainerPort represents a network port in a single container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersPorts { - /// Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + /// Number of port to expose on the pod's IP address. + /// This must be a valid port number, 0 < x < 65536. #[serde(rename = "containerPort")] pub container_port: i32, /// What host IP to bind the external port to. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostIP")] pub host_ip: Option, - /// Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + /// Number of port to expose on the host. + /// If specified, this must be a valid port number, 0 < x < 65536. + /// If HostNetwork is specified, this must match ContainerPort. + /// Most containers do not need this. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] pub host_port: Option, - /// If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + /// If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + /// named port in a pod must have a unique name. Name for the port that can be + /// referred to by services. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + /// Protocol for port. Must be UDP, TCP, or SCTP. + /// Defaults to "TCP". #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } -/// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// Periodic probe of container service readiness. +/// Container will be removed from service endpoints if the probe fails. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1281,22 +1730,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1304,7 +1767,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1314,8 +1781,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1323,7 +1793,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1332,9 +1803,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1342,7 +1816,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1354,33 +1829,49 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } /// ContainerResizePolicy represents resource resize policy for the container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResizePolicy { - /// Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. #[serde(rename = "resourceName")] pub resource_name: String, - /// Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. #[serde(rename = "restartPolicy")] pub restart_policy: String, } -/// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +/// Compute Resources required by this container. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1388,49 +1879,95 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } -/// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +/// SecurityContext defines the security options the container should be run with. +/// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +/// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextCapabilities { /// Added capabilities @@ -1441,7 +1978,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextCapabiliti pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1458,42 +1999,74 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeLinuxOpt pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must only be set if type is "Localhost". #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// This field is alpha-level and will only be honored by components that enable the + /// WindowsHostProcessContainers feature flag. Setting this field without the feature + /// flag will result in errors when validating the Pod. All of a Pod's containers must + /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + /// containers and non-HostProcess containers). In addition, if HostProcess is true + /// then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } -/// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// StartupProbe indicates that the Pod has successfully initialized. +/// If specified, no other probes are executed until this completes successfully. +/// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +/// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +/// when it might take a long time to load data or warm a cache, than during steady-state operation. +/// This cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1502,22 +2075,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1525,7 +2112,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1535,8 +2126,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1544,7 +2138,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1553,9 +2148,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1563,7 +2161,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1575,7 +2174,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } @@ -1592,41 +2193,60 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersVolumeDevices { /// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. + /// Path within the container at which the volume should be mounted. Must + /// not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host + /// to container and the other way around. + /// When not set, MountPropagationNone is used. + /// This field is beta in 1.10. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + /// Mounted read-only if true, read-write otherwise (false or unspecified). + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + /// Path within the volume from which the container's volume should be mounted. + /// Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + /// Expanded path within the volume from which the container's volume should be mounted. + /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + /// Defaults to "" (volume's root). + /// SubPathExpr and SubPath are mutually exclusive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] pub sub_path_expr: Option, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -1634,21 +2254,30 @@ pub struct TerraformRunnerPodTemplateSpecTolerations { /// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. + /// Path within the container at which the volume should be mounted. Must + /// not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host + /// to container and the other way around. + /// When not set, MountPropagationNone is used. + /// This field is beta in 1.10. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + /// Mounted read-only if true, read-write otherwise (false or unspecified). + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + /// Path within the volume from which the container's volume should be mounted. + /// Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + /// Expanded path within the volume from which the container's volume should be mounted. + /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + /// Defaults to "" (volume's root). + /// SubPathExpr and SubPath are mutually exclusive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] pub sub_path_expr: Option, } @@ -1656,7 +2285,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumeMounts { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumes { - /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. @@ -1668,7 +2299,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, /// configMap represents a configMap that should populate this volume @@ -1680,46 +2312,91 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. + /// + /// + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). + /// + /// + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine @@ -1734,13 +2411,15 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. @@ -1751,19 +2430,30 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { pub vsphere_volume: Option, } -/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesAwsElasticBlockStore { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } @@ -1780,13 +2470,16 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureDisk { /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } @@ -1794,7 +2487,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureDisk { /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesAzureFile { - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// secretName is the name of secret that contains Azure Storage Account Name and Key @@ -1808,54 +2502,74 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureFile { /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCephfs { - /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCephfsSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCinder { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCinderSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1863,13 +2577,27 @@ pub struct TerraformRunnerPodTemplateSpecVolumesCinderSecretRef { /// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -1882,36 +2610,59 @@ pub struct TerraformRunnerPodTemplateSpecVolumesConfigMap { pub struct TerraformRunnerPodTemplateSpecVolumesConfigMapItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCsi { - /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCsiNodePublishSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1919,7 +2670,14 @@ pub struct TerraformRunnerPodTemplateSpecVolumesCsiNodePublishSecretRef { /// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApi { - /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// Items is a list of downward API volume file @@ -1933,12 +2691,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItems { /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' pub path: String, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, } @@ -1954,7 +2718,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1967,72 +2732,190 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsResourceFieldRef pub resource: String, } -/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEmptyDir { - /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. -/// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). -/// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. -/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. -/// A pod can use both types of ephemeral volumes and persistent volumes at the same time. +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeral { - /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - /// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - /// Required, must not be nil. + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, } -/// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). -/// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. -/// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. -/// Required, must not be nil. +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { - /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, - /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. pub spec: TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec, } -/// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateMetadata { } -/// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { - /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, /// volumeName is the binding reference to the PersistentVolume backing this claim. @@ -2040,10 +2923,19 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecDataSource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -2052,33 +2944,73 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced pub kind: String, /// Name is the name of resource being referenced pub name: String, - /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -2086,7 +3018,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } @@ -2096,19 +3030,26 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -2116,46 +3057,65 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFc { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolume { /// driver is the name of the driver to use for this volume. pub driver: String, - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolumeSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2163,7 +3123,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolumeSecretRef { /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlocker { - /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset @@ -2171,27 +3132,46 @@ pub struct TerraformRunnerPodTemplateSpecVolumesFlocker { pub dataset_uuid: Option, } -/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGcePersistentDisk { - /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGitRepo { - /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, /// repository is the URL @@ -2201,29 +3181,47 @@ pub struct TerraformRunnerPodTemplateSpecVolumesGitRepo { pub revision: Option, } -/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGlusterfs { - /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesHostPath { - /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication @@ -2232,29 +3230,39 @@ pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, /// lun represents iSCSI Target Lun number. pub lun: i32, - /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } @@ -2262,30 +3270,41 @@ pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesIscsiSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesNfs { - /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPersistentVolumeClaim { - /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } @@ -2293,7 +3312,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPersistentVolumeClaim { /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPhotonPersistentDisk { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// pdID is the ID that identifies Photon Controller persistent disk @@ -2304,10 +3325,13 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPhotonPersistentDisk { /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPortworxVolume { - /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// volumeID uniquely identifies a Portworx volume @@ -2318,7 +3342,12 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPortworxVolume { /// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjected { - /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// sources is the list of volume projections @@ -2346,10 +3375,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSources { /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMap { - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2362,10 +3399,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMap { pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMapItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } @@ -2383,12 +3428,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' pub path: String, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, } @@ -2404,7 +3455,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2420,10 +3472,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems /// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecret { - /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -2436,78 +3496,124 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecret { pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecretItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesServiceAccountToken { - /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the + /// token into. pub path: String, } /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesQuobyte { - /// group to map volume access to Default is no group + /// group to map volume access to + /// Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes pub registry: String, - /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// user to map volume access to Defaults to serivceaccount user + /// user to map volume access to + /// Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesRbd { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesRbdSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2515,7 +3621,10 @@ pub struct TerraformRunnerPodTemplateSpecVolumesRbdSecretRef { /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// gateway is the host address of the ScaleIO API Gateway. @@ -2523,16 +3632,19 @@ pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: TerraformRunnerPodTemplateSpecVolumesScaleIoSecretRef, /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, /// storagePool is the ScaleIO Storage Pool associated with the protection domain. @@ -2540,32 +3652,50 @@ pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { pub storage_pool: Option, /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesScaleIoSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesSecret { - /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values + /// for mode bits. Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -2575,37 +3705,58 @@ pub struct TerraformRunnerPodTemplateSpecVolumesSecret { pub struct TerraformRunnerPodTemplateSpecVolumesSecretItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesStorageos { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesStorageosSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2613,7 +3764,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesStorageosSecretRef { /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesVsphereVolume { - /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. @@ -2665,15 +3818,33 @@ pub enum TerraformStoreReadablePlan { /// TFStateSpec allows the user to set ForceUnlock #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformTfstate { - /// ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. - /// This is an Enum and has the expected values of: - /// - auto - yes - no - /// WARNING: Only use `auto` in the cases where you are absolutely certain that no other system is using this state, you could otherwise end up in a bad place See https://www.terraform.io/language/state/locking#force-unlock for more information on the terraform state lock and force unlock. + /// ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. + /// + /// + /// This is an Enum and has the expected values of: + /// + /// + /// - auto + /// - yes + /// - no + /// + /// + /// WARNING: Only use `auto` in the cases where you are absolutely certain that + /// no other system is using this state, you could otherwise end up in a bad place + /// See https://www.terraform.io/language/state/locking#force-unlock for more + /// information on the terraform state lock and force unlock. #[serde(default, skip_serializing_if = "Option::is_none", rename = "forceUnlock")] pub force_unlock: Option, - /// LockIdentifier holds the Identifier required by Terraform to unlock the state if it ever gets into a locked state. - /// You'll need to put the Lock Identifier in here while setting ForceUnlock to either `yes` or `auto`. - /// Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state. + /// LockIdentifier holds the Identifier required by Terraform to unlock the state + /// if it ever gets into a locked state. + /// + /// + /// You'll need to put the Lock Identifier in here while setting ForceUnlock to + /// either `yes` or `auto`. + /// + /// + /// Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, + /// e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lockIdentifier")] pub lock_identifier: Option, } @@ -2706,10 +3877,12 @@ pub struct TerraformVarsValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -2722,7 +3895,9 @@ pub struct TerraformVarsValueFrom { pub struct TerraformVarsValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2730,7 +3905,8 @@ pub struct TerraformVarsValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformVarsValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2741,7 +3917,8 @@ pub struct TerraformVarsValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformVarsValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2759,7 +3936,9 @@ pub struct TerraformVarsValueFromResourceFieldRef { pub struct TerraformVarsValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2767,14 +3946,18 @@ pub struct TerraformVarsValueFromSecretKeyRef { pub optional: Option, } -/// VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. +/// VarsReference contain a reference of a Secret or a ConfigMap to generate +/// variables for Terraform resources based on its data, selectively by varsKey. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct TerraformVarsFrom { /// Kind of the values referent, valid values are ('Secret', 'ConfigMap'). pub kind: TerraformVarsFromKind, - /// Name of the values referent. Should reside in the same namespace as the referring resource. + /// Name of the values referent. Should reside in the same namespace as the + /// referring resource. pub name: String, - /// Optional marks this VarsReference as optional. When set, a not found error for the values reference is ignored, but any VarsKey or transient error will still result in a reconciliation failure. + /// Optional marks this VarsReference as optional. When set, a not found error + /// for the values reference is ignored, but any VarsKey or + /// transient error will still result in a reconciliation failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, /// VarsKeys is the data key at which a specific value can be found. Defaults to all keys. @@ -2782,7 +3965,8 @@ pub struct TerraformVarsFrom { pub vars_keys: Option>, } -/// VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. +/// VarsReference contain a reference of a Secret or a ConfigMap to generate +/// variables for Terraform resources based on its data, selectively by varsKey. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum TerraformVarsFromKind { Secret, @@ -2814,7 +3998,8 @@ pub enum TerraformWebhooksStage { pub struct TerraformWriteOutputsToSecret { /// Name is the name of the Secret to be written pub name: String, - /// Outputs contain the selected names of outputs to be written to the secret. Empty array means writing all outputs, which is default. + /// Outputs contain the selected names of outputs to be written + /// to the secret. Empty array means writing all outputs, which is default. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, } @@ -2829,10 +4014,12 @@ pub struct TerraformStatus { /// Inventory contains the list of Terraform resource object references that have been successfully applied. #[serde(default, skip_serializing_if = "Option::is_none")] pub inventory: Option, - /// LastAppliedByDriftDetectionAt is the time when the last drift was detected and terraform apply was performed as a result + /// LastAppliedByDriftDetectionAt is the time when the last drift was detected and + /// terraform apply was performed as a result #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastAppliedByDriftDetectionAt")] pub last_applied_by_drift_detection_at: Option, - /// The last successfully applied revision. The revision format for Git sources is /. + /// The last successfully applied revision. + /// The revision format for Git sources is /. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastAppliedRevision")] pub last_applied_revision: Option, /// LastAttemptedRevision is the revision of the last reconciliation attempt. @@ -2841,10 +4028,13 @@ pub struct TerraformStatus { /// LastDriftDetectedAt is the time when the last drift was detected #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastDriftDetectedAt")] pub last_drift_detected_at: Option, - /// LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. + /// LastHandledReconcileAt holds the value of the most recent + /// reconcile request value, so a change of the annotation value + /// can be detected. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastHandledReconcileAt")] pub last_handled_reconcile_at: Option, - /// LastPlannedRevision is the revision used by the last planning process. The result could be either no plan change or a new plan generated. + /// LastPlannedRevision is the revision used by the last planning process. + /// The result could be either no plan change or a new plan generated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastPlannedRevision")] pub last_planned_revision: Option, /// LockStatus defines the observed state of a Terraform State Lock diff --git a/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha2/terraforms.rs b/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha2/terraforms.rs index 8402bb760..a64b810a6 100644 --- a/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha2/terraforms.rs +++ b/kube-custom-resources-rs/src/infra_contrib_fluxcd_io/v1alpha2/terraforms.rs @@ -23,7 +23,8 @@ pub struct TerraformSpec { /// Clean the runner pod up after each reconciliation cycle #[serde(default, skip_serializing_if = "Option::is_none", rename = "alwaysCleanupRunnerPod")] pub always_cleanup_runner_pod: Option, - /// ApprovePlan specifies name of a plan wanted to approve. If its value is "auto", the controller will automatically approve every plan. + /// ApprovePlan specifies name of a plan wanted to approve. + /// If its value is "auto", the controller will automatically approve every plan. #[serde(default, skip_serializing_if = "Option::is_none", rename = "approvePlan")] pub approve_plan: Option, /// BackendConfigSpec is for specifying configuration for Terraform's Kubernetes backend @@ -34,10 +35,12 @@ pub struct TerraformSpec { /// BranchPlanner configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "branchPlanner")] pub branch_planner: Option, - /// BreakTheGlass specifies if the reconciliation should stop and allow interactive shell in case of emergency. + /// BreakTheGlass specifies if the reconciliation should stop + /// and allow interactive shell in case of emergency. #[serde(default, skip_serializing_if = "Option::is_none", rename = "breakTheGlass")] pub break_the_glass: Option, - /// SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace + /// SecretReference represents a Secret Reference. It has enough information to retrieve secret + /// in any namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "cliConfigSecretRef")] pub cli_config_secret_ref: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -47,10 +50,12 @@ pub struct TerraformSpec { /// Destroy produces a destroy plan. Applying the plan will destroy all resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub destroy: Option, - /// Create destroy plan and apply it to destroy terraform resources upon deletion of this object. Defaults to false. + /// Create destroy plan and apply it to destroy terraform resources + /// upon deletion of this object. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "destroyResourcesOnDeletion")] pub destroy_resources_on_deletion: Option, - /// Disable automatic drift detection. Drift detection may be resource intensive in the context of a large cluster or complex Terraform statefile. Defaults to false. + /// Disable automatic drift detection. Drift detection may be resource intensive in + /// the context of a large cluster or complex Terraform statefile. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableDriftDetection")] pub disable_drift_detection: Option, /// EnableInventory enables the object to store resource entries as the inventory for external use. @@ -62,7 +67,8 @@ pub struct TerraformSpec { /// List of all configuration files to be created in initialization. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileMappings")] pub file_mappings: Option>, - /// Force instructs the controller to unconditionally re-plan and re-apply TF resources. Defaults to false. + /// Force instructs the controller to unconditionally + /// re-plan and re-apply TF resources. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, /// List of health checks to be performed. @@ -73,10 +79,12 @@ pub struct TerraformSpec { /// Parallelism limits the number of concurrent operations of Terraform apply step. Zero (0) means using the default value. #[serde(default, skip_serializing_if = "Option::is_none")] pub parallelism: Option, - /// Path to the directory containing Terraform (.tf) files. Defaults to 'None', which translates to the root path of the SourceRef. + /// Path to the directory containing Terraform (.tf) files. + /// Defaults to 'None', which translates to the root path of the SourceRef. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// PlanOnly specifies if the reconciliation should or should not stop at plan phase. + /// PlanOnly specifies if the reconciliation should or should not stop at plan + /// phase. #[serde(default, skip_serializing_if = "Option::is_none", rename = "planOnly")] pub plan_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readInputsFromSecrets")] @@ -84,18 +92,23 @@ pub struct TerraformSpec { /// RefreshBeforeApply forces refreshing of the state before the apply step. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshBeforeApply")] pub refresh_before_apply: Option, - /// Remediation specifies what the controller should do when reconciliation fails. The default is to not perform any action. + /// Remediation specifies what the controller should do when reconciliation + /// fails. The default is to not perform any action. #[serde(default, skip_serializing_if = "Option::is_none")] pub remediation: Option, - /// The interval at which to retry a previously failed reconciliation. The default value is 15 when not specified. + /// The interval at which to retry a previously failed reconciliation. + /// The default value is 15 when not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryInterval")] pub retry_interval: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "runnerPodTemplate")] pub runner_pod_template: Option, - /// Configure the termination grace period for the runner pod. Use this parameter to allow the Terraform process to gracefully shutdown. Consider increasing for large, complex or slow-moving Terraform managed resources. + /// Configure the termination grace period for the runner pod. Use this parameter + /// to allow the Terraform process to gracefully shutdown. Consider increasing for + /// large, complex or slow-moving Terraform managed resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runnerTerminationGracePeriodSeconds")] pub runner_termination_grace_period_seconds: Option, - /// Name of a ServiceAccount for the runner Pod to provision Terraform resources. Default to tf-runner. + /// Name of a ServiceAccount for the runner Pod to provision Terraform resources. + /// Default to tf-runner. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] pub service_account_name: Option, /// SourceRef is the reference of the source where the Terraform files are stored. @@ -104,7 +117,8 @@ pub struct TerraformSpec { /// StoreReadablePlan enables storing the plan in a readable format. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storeReadablePlan")] pub store_readable_plan: Option, - /// Suspend is to tell the controller to suspend subsequent TF executions, it does not apply to already started executions. Defaults to false. + /// Suspend is to tell the controller to suspend subsequent TF executions, + /// it does not apply to already started executions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub suspend: Option, /// Targets specify the resource, module or collection of resources to target. @@ -116,13 +130,17 @@ pub struct TerraformSpec { /// TFStateSpec allows the user to set ForceUnlock #[serde(default, skip_serializing_if = "Option::is_none")] pub tfstate: Option, - /// Values map to the Terraform variable "values", which is an object of arbitrary values. It is a convenient way to pass values to Terraform resources without having to define a variable for each value. To use this feature, your Terraform file must define the variable "values". + /// Values map to the Terraform variable "values", which is an object of arbitrary values. + /// It is a convenient way to pass values to Terraform resources without having to define + /// a variable for each value. To use this feature, your Terraform file must define the variable "values". #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option, /// List of input variables to set for the Terraform program. #[serde(default, skip_serializing_if = "Option::is_none")] pub vars: Option>, - /// List of references to a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. Values of the later Secret / ConfigMap with the same keys will override those of the former. + /// List of references to a Secret or a ConfigMap to generate variables for + /// Terraform resources based on its data, selectively by varsKey. Values of the later + /// Secret / ConfigMap with the same keys will override those of the former. #[serde(default, skip_serializing_if = "Option::is_none", rename = "varsFrom")] pub vars_from: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -159,9 +177,12 @@ pub struct TerraformBackendConfigsFrom { pub keys: Option>, /// Kind of the values referent, valid values are ('Secret', 'ConfigMap'). pub kind: TerraformBackendConfigsFromKind, - /// Name of the configs referent. Should reside in the same namespace as the referring resource. + /// Name of the configs referent. Should reside in the same namespace as the + /// referring resource. pub name: String, - /// Optional marks this BackendConfigsReference as optional. When set, a not found error for the values reference is ignored, but any Key or transient error will still result in a reconciliation failure. + /// Optional marks this BackendConfigsReference as optional. When set, a not found error + /// for the values reference is ignored, but any Key or + /// transient error will still result in a reconciliation failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -175,12 +196,15 @@ pub enum TerraformBackendConfigsFromKind { /// BranchPlanner configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformBranchPlanner { - /// EnablePathScope specifies if the Branch Planner should or shouldn't check if a Pull Request has changes under `.spec.path`. If enabled extra resources will be created only if there are any changes in terraform files. + /// EnablePathScope specifies if the Branch Planner should or shouldn't check + /// if a Pull Request has changes under `.spec.path`. If enabled extra + /// resources will be created only if there are any changes in terraform files. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enablePathScope")] pub enable_path_scope: Option, } -/// SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace +/// SecretReference represents a Secret Reference. It has enough information to retrieve secret +/// in any namespace #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformCliConfigSecretRef { /// name is unique within a namespace to reference a secret resource. @@ -209,7 +233,8 @@ pub struct TerraformCloudWorkspaces { pub tags: Option>, } -/// NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace. +/// NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any +/// namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformDependsOn { /// Name of the referent. @@ -248,26 +273,36 @@ pub struct TerraformFileMappingsSecretRef { pub name: String, } -/// HealthCheck contains configuration needed to perform a health check after terraform is applied. +/// HealthCheck contains configuration needed to perform a health check after +/// terraform is applied. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct TerraformHealthChecks { - /// Address to perform tcp health check on. Required when tcp type is specified. Go template can be used to reference values from the terraform output (e.g. 127.0.0.1:8080, {{.address}}:{{.port}}). + /// Address to perform tcp health check on. Required when tcp type is specified. + /// Go template can be used to reference values from the terraform output + /// (e.g. 127.0.0.1:8080, {{.address}}:{{.port}}). #[serde(default, skip_serializing_if = "Option::is_none")] pub address: Option, /// Name of the health check. pub name: String, - /// The timeout period at which the connection should timeout if unable to complete the request. When not specified, default 20s timeout is used. + /// The timeout period at which the connection should timeout if unable to + /// complete the request. + /// When not specified, default 20s timeout is used. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, - /// Type of the health check, valid values are ('tcp', 'http'). If tcp is specified, address is required. If http is specified, url is required. + /// Type of the health check, valid values are ('tcp', 'http'). + /// If tcp is specified, address is required. + /// If http is specified, url is required. #[serde(rename = "type")] pub r#type: TerraformHealthChecksType, - /// URL to perform http health check on. Required when http type is specified. Go template can be used to reference values from the terraform output (e.g. https://example.org, {{.output_url}}). + /// URL to perform http health check on. Required when http type is specified. + /// Go template can be used to reference values from the terraform output + /// (e.g. https://example.org, {{.output_url}}). #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, } -/// HealthCheck contains configuration needed to perform a health check after terraform is applied. +/// HealthCheck contains configuration needed to perform a health check after +/// terraform is applied. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum TerraformHealthChecksType { #[serde(rename = "tcp")] @@ -283,10 +318,13 @@ pub struct TerraformReadInputsFromSecrets { pub name: String, } -/// Remediation specifies what the controller should do when reconciliation fails. The default is to not perform any action. +/// Remediation specifies what the controller should do when reconciliation +/// fails. The default is to not perform any action. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRemediation { - /// Retries is the number of retries that should be attempted on failures before bailing. Defaults to '0', a negative integer denotes unlimited retries. + /// Retries is the number of retries that should be attempted on failures + /// before bailing. Defaults to '0', a negative integer denotes unlimited + /// retries. #[serde(default, skip_serializing_if = "Option::is_none")] pub retries: Option, } @@ -314,10 +352,16 @@ pub struct TerraformRunnerPodTemplateSpec { /// Set the Affinity for the Runner Pod #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// List of environment variables to set in the container. Cannot be updated. + /// List of environment variables to set in the container. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + /// List of sources to populate environment variables in the container. + /// The keys defined within a source must be a C_IDENTIFIER. All invalid keys + /// will be reported as an event when the container is starting. When a key exists in multiple + /// sources, the value associated with the last source will take precedence. + /// Values defined by an Env with a duplicate key will take precedence. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, /// Set host aliases for the Runner Pod @@ -369,15 +413,28 @@ pub struct TerraformRunnerPodTemplateSpecAffinity { /// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -397,31 +454,47 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSche pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -429,7 +502,9 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -440,26 +515,38 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -467,10 +554,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityNodeAffinityRequiredDuringSched /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -481,7 +582,8 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -491,13 +593,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -508,59 +621,93 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -571,42 +718,60 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -614,10 +779,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -628,7 +807,8 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -638,13 +818,24 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -655,59 +846,93 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -718,42 +943,60 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -763,7 +1006,15 @@ pub struct TerraformRunnerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc pub struct TerraformRunnerPodTemplateSpecEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -777,10 +1028,12 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -793,7 +1046,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFrom { pub struct TerraformRunnerPodTemplateSpecEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -801,7 +1056,8 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -812,7 +1068,8 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -830,7 +1087,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvValueFromResourceFieldRef { pub struct TerraformRunnerPodTemplateSpecEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -855,7 +1114,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvFrom { /// The ConfigMap to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvFromConfigMapRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -866,7 +1127,9 @@ pub struct TerraformRunnerPodTemplateSpecEnvFromConfigMapRef { /// The Secret to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecEnvFromSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -874,7 +1137,8 @@ pub struct TerraformRunnerPodTemplateSpecEnvFromSecretRef { pub optional: Option, } -/// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. +/// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +/// pod's hosts file. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecHostAliases { /// Hostnames for the above IP address. @@ -888,72 +1152,149 @@ pub struct TerraformRunnerPodTemplateSpecHostAliases { /// A single application container that you want to run within a pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainers { - /// Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + /// Arguments to the entrypoint. + /// The container image's CMD is used if this is not provided. + /// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + /// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + /// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + /// of whether the variable exists or not. Cannot be updated. + /// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + /// Entrypoint array. Not executed within a shell. + /// The container image's ENTRYPOINT is used if this is not provided. + /// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + /// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + /// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + /// of whether the variable exists or not. Cannot be updated. + /// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// List of environment variables to set in the container. Cannot be updated. + /// List of environment variables to set in the container. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + /// List of sources to populate environment variables in the container. + /// The keys defined within a source must be a C_IDENTIFIER. All invalid keys + /// will be reported as an event when the container is starting. When a key exists in multiple + /// sources, the value associated with the last source will take precedence. + /// Values defined by an Env with a duplicate key will take precedence. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, - /// Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. + /// Container image name. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + /// Image pull policy. + /// One of Always, Never, IfNotPresent. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/containers/images#updating-images #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, - /// Actions that the management system should take in response to container lifecycle events. Cannot be updated. + /// Actions that the management system should take in response to container lifecycle events. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub lifecycle: Option, - /// Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Periodic probe of container liveness. + /// Container will be restarted if the probe fails. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] pub liveness_probe: Option, - /// Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + /// Name of the container specified as a DNS_LABEL. + /// Each container in a pod must have a unique name (DNS_LABEL). + /// Cannot be updated. pub name: String, - /// List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. + /// List of ports to expose from the container. Not specifying a port here + /// DOES NOT prevent that port from being exposed. Any port which is + /// listening on the default "0.0.0.0" address inside a container will be + /// accessible from the network. + /// Modifying this array with strategic merge patch may corrupt the data. + /// For more information See https://github.com/kubernetes/kubernetes/issues/108255. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, - /// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Periodic probe of container service readiness. + /// Container will be removed from service endpoints if the probe fails. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, /// Resources resize policy for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] pub resize_policy: Option>, - /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Compute Resources required by this container. + /// Cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + /// SecurityContext defines the security options the container should be run with. + /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, - /// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// StartupProbe indicates that the Pod has successfully initialized. + /// If specified, no other probes are executed until this completes successfully. + /// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + /// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + /// when it might take a long time to load data or warm a cache, than during steady-state operation. + /// This cannot be updated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] pub startup_probe: Option, - /// Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + /// Whether this container should allocate a buffer for stdin in the container runtime. If this + /// is not set, reads from stdin in the container will always result in EOF. + /// Default is false. #[serde(default, skip_serializing_if = "Option::is_none")] pub stdin: Option, - /// Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + /// Whether the container runtime should close the stdin channel after it has been opened by + /// a single attach. When stdin is true the stdin stream will remain open across multiple attach + /// sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + /// first client attaches to stdin, and then remains open and accepts data until the client disconnects, + /// at which time stdin is closed and remains closed until the container is restarted. If this + /// flag is false, a container processes that reads from stdin will never receive an EOF. + /// Default is false #[serde(default, skip_serializing_if = "Option::is_none", rename = "stdinOnce")] pub stdin_once: Option, - /// Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. + /// Optional: Path at which the file to which the container's termination message + /// will be written is mounted into the container's filesystem. + /// Message written is intended to be brief final status, such as an assertion failure message. + /// Will be truncated by the node if greater than 4096 bytes. The total message length across + /// all containers will be limited to 12kb. + /// Defaults to /dev/termination-log. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationMessagePath")] pub termination_message_path: Option, - /// Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + /// Indicate how the termination message should be populated. File will use the contents of + /// terminationMessagePath to populate the container status message on both success and failure. + /// FallbackToLogsOnError will use the last chunk of container log output if the termination + /// message file is empty and the container exited with an error. + /// The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + /// Defaults to File. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationMessagePolicy")] pub termination_message_policy: Option, - /// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + /// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + /// Default is false. #[serde(default, skip_serializing_if = "Option::is_none")] pub tty: Option, /// volumeDevices is the list of block devices to be used by the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeDevices")] pub volume_devices: Option>, - /// Pod volumes to mount into the container's filesystem. Cannot be updated. + /// Pod volumes to mount into the container's filesystem. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] pub volume_mounts: Option>, - /// Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + /// Container's working directory. + /// If not specified, the container runtime's default will be used, which + /// might be configured in the container image. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workingDir")] pub working_dir: Option, } @@ -963,7 +1304,15 @@ pub struct TerraformRunnerPodTemplateSpecInitContainers { pub struct TerraformRunnerPodTemplateSpecInitContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -977,10 +1326,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -993,7 +1344,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFrom { pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1001,7 +1354,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyR pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1012,7 +1366,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1030,7 +1385,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromResourceField pub struct TerraformRunnerPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1055,7 +1412,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFrom { /// The ConfigMap to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromConfigMapRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1066,7 +1425,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromConfigMapRef { /// The Secret to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1074,18 +1435,33 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersEnvFromSecretRef { pub optional: Option, } -/// Actions that the management system should take in response to container lifecycle events. Cannot be updated. +/// Actions that the management system should take in response to container lifecycle events. +/// Cannot be updated. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecycle { - /// PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + /// PostStart is called immediately after a container is created. If the handler fails, + /// the container is terminated and restarted according to its restart policy. + /// Other management of the container blocks until the hook completes. + /// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[serde(default, skip_serializing_if = "Option::is_none", rename = "postStart")] pub post_start: Option, - /// PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + /// PreStop is called immediately before a container is terminated due to an + /// API request or management event such as liveness/startup probe failure, + /// preemption, resource contention, etc. The handler is not called if the + /// container crashes or exits. The Pod's termination grace period countdown begins before the + /// PreStop hook is executed. Regardless of the outcome of the handler, the + /// container will eventually terminate within the Pod's termination grace + /// period (unless delayed by finalizers). Other management of the container blocks until the hook completes + /// or until the termination grace period is reached. + /// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[serde(default, skip_serializing_if = "Option::is_none", rename = "preStop")] pub pre_stop: Option, } -/// PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +/// PostStart is called immediately after a container is created. If the handler fails, +/// the container is terminated and restarted according to its restart policy. +/// Other management of the container blocks until the hook completes. +/// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// Exec specifies the action to take. @@ -1094,7 +1470,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + /// for the backward compatibility. There are no validation of this field and + /// lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, } @@ -1102,7 +1480,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStart { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1110,7 +1492,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartExec { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1119,9 +1502,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1129,23 +1515,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGet /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } -/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +/// for the backward compatibility. There are no validation of this field and +/// lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePostStartTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } -/// PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +/// PreStop is called immediately before a container is terminated due to an +/// API request or management event such as liveness/startup probe failure, +/// preemption, resource contention, etc. The handler is not called if the +/// container crashes or exits. The Pod's termination grace period countdown begins before the +/// PreStop hook is executed. Regardless of the outcome of the handler, the +/// container will eventually terminate within the Pod's termination grace +/// period (unless delayed by finalizers). Other management of the container blocks until the hook completes +/// or until the termination grace period is reached. +/// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// Exec specifies the action to take. @@ -1154,7 +1553,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + /// for the backward compatibility. There are no validation of this field and + /// lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, } @@ -1162,7 +1563,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStop { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1170,7 +1575,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopExec { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1179,9 +1585,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1189,29 +1598,38 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } -/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +/// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +/// for the backward compatibility. There are no validation of this field and +/// lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLifecyclePreStopTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } -/// Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// Periodic probe of container liveness. +/// Container will be restarted if the probe fails. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1220,22 +1638,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1243,7 +1675,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1253,8 +1689,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1262,7 +1701,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1271,9 +1711,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1281,7 +1724,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1293,37 +1737,50 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersLivenessProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } /// ContainerPort represents a network port in a single container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersPorts { - /// Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + /// Number of port to expose on the pod's IP address. + /// This must be a valid port number, 0 < x < 65536. #[serde(rename = "containerPort")] pub container_port: i32, /// What host IP to bind the external port to. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostIP")] pub host_ip: Option, - /// Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + /// Number of port to expose on the host. + /// If specified, this must be a valid port number, 0 < x < 65536. + /// If HostNetwork is specified, this must match ContainerPort. + /// Most containers do not need this. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] pub host_port: Option, - /// If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + /// If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + /// named port in a pod must have a unique name. Name for the port that can be + /// referred to by services. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + /// Protocol for port. Must be UDP, TCP, or SCTP. + /// Defaults to "TCP". #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } -/// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// Periodic probe of container service readiness. +/// Container will be removed from service endpoints if the probe fails. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1332,22 +1789,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1355,7 +1826,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1365,8 +1840,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1374,7 +1852,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1383,9 +1862,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1393,7 +1875,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1405,33 +1888,49 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersReadinessProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } /// ContainerResizePolicy represents resource resize policy for the container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResizePolicy { - /// Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. #[serde(rename = "resourceName")] pub resource_name: String, - /// Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. #[serde(rename = "restartPolicy")] pub restart_policy: String, } -/// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +/// Compute Resources required by this container. +/// Cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1439,49 +1938,95 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } -/// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +/// SecurityContext defines the security options the container should be run with. +/// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +/// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextCapabilities { /// Added capabilities @@ -1492,7 +2037,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextCapabiliti pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1509,42 +2058,74 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeLinuxOpt pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must only be set if type is "Localhost". #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// This field is alpha-level and will only be honored by components that enable the + /// WindowsHostProcessContainers feature flag. Setting this field without the feature + /// flag will result in errors when validating the Pod. All of a Pod's containers must + /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + /// containers and non-HostProcess containers). In addition, if HostProcess is true + /// then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } -/// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +/// StartupProbe indicates that the Pod has successfully initialized. +/// If specified, no other probes are executed until this completes successfully. +/// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +/// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +/// when it might take a long time to load data or warm a cache, than during steady-state operation. +/// This cannot be updated. +/// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + /// Minimum consecutive failures for the probe to be considered failed after having succeeded. + /// Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. @@ -1553,22 +2134,36 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, - /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after the container has started before liveness probes are initiated. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, - /// How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + /// How often (in seconds) to perform the probe. + /// Default to 10 seconds. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "periodSeconds")] pub period_seconds: Option, - /// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + /// Minimum consecutive successes for the probe to be considered successful after having failed. + /// Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successThreshold")] pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, - /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + /// value overrides the value provided by the pod spec. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + /// Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + /// Number of seconds after which the probe times out. + /// Defaults to 1 second. Minimum value is 1. + /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } @@ -1576,7 +2171,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbe { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeExec { - /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + /// Command is the command line to execute inside the container, the working directory for the + /// command is root ('/') in the container's filesystem. The command is simply exec'd, it is + /// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + /// a shell, you need to explicitly call out to that shell. + /// Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, } @@ -1586,8 +2185,11 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeExec { pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, - /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - /// If this is not specified, the default behavior is defined by gRPC. + /// Service is the name of the service to place in the gRPC HealthCheckRequest + /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + /// + /// + /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } @@ -1595,7 +2197,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { - /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + /// Host name to connect to, defaults to the pod IP. You probably want to set + /// "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. @@ -1604,9 +2207,12 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Name or number of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, - /// Scheme to use for connecting to the host. Defaults to HTTP. + /// Scheme to use for connecting to the host. + /// Defaults to HTTP. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, } @@ -1614,7 +2220,8 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeHttpGetHttpHeaders { - /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. + /// The header field name. + /// This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -1626,7 +2233,9 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersStartupProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// Number or name of the port to access on the container. + /// Number must be in the range 1 to 65535. + /// Name must be an IANA_SVC_NAME. pub port: IntOrString, } @@ -1643,21 +2252,30 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersVolumeDevices { /// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecInitContainersVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. + /// Path within the container at which the volume should be mounted. Must + /// not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host + /// to container and the other way around. + /// When not set, MountPropagationNone is used. + /// This field is beta in 1.10. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + /// Mounted read-only if true, read-write otherwise (false or unspecified). + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + /// Path within the volume from which the container's volume should be mounted. + /// Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + /// Expanded path within the volume from which the container's volume should be mounted. + /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + /// Defaults to "" (volume's root). + /// SubPathExpr and SubPath are mutually exclusive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] pub sub_path_expr: Option, } @@ -1665,15 +2283,25 @@ pub struct TerraformRunnerPodTemplateSpecInitContainersVolumeMounts { /// Set Resources for the Runner Pod container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1681,49 +2309,93 @@ pub struct TerraformRunnerPodTemplateSpecResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } /// Set SecurityContext for the Runner Pod container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecSecurityContextCapabilities { /// Added capabilities @@ -1734,7 +2406,11 @@ pub struct TerraformRunnerPodTemplateSpecSecurityContextCapabilities { pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1751,51 +2427,86 @@ pub struct TerraformRunnerPodTemplateSpecSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must only be set if type is "Localhost". #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// This field is alpha-level and will only be honored by components that enable the + /// WindowsHostProcessContainers feature flag. Setting this field without the feature + /// flag will result in errors when validating the Pod. All of a Pod's containers must + /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + /// containers and non-HostProcess containers). In addition, if HostProcess is true + /// then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -1803,21 +2514,30 @@ pub struct TerraformRunnerPodTemplateSpecTolerations { /// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumeMounts { - /// Path within the container at which the volume should be mounted. Must not contain ':'. + /// Path within the container at which the volume should be mounted. Must + /// not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host + /// to container and the other way around. + /// When not set, MountPropagationNone is used. + /// This field is beta in 1.10. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + /// Mounted read-only if true, read-write otherwise (false or unspecified). + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + /// Path within the volume from which the container's volume should be mounted. + /// Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + /// Expanded path within the volume from which the container's volume should be mounted. + /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + /// Defaults to "" (volume's root). + /// SubPathExpr and SubPath are mutually exclusive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] pub sub_path_expr: Option, } @@ -1825,7 +2545,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumeMounts { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumes { - /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. @@ -1837,7 +2559,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, /// configMap represents a configMap that should populate this volume @@ -1849,46 +2572,91 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. + /// + /// + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). + /// + /// + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine @@ -1903,13 +2671,15 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. @@ -1920,19 +2690,30 @@ pub struct TerraformRunnerPodTemplateSpecVolumes { pub vsphere_volume: Option, } -/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesAwsElasticBlockStore { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } @@ -1949,13 +2730,16 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureDisk { /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } @@ -1963,7 +2747,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureDisk { /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesAzureFile { - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// secretName is the name of secret that contains Azure Storage Account Name and Key @@ -1977,54 +2762,74 @@ pub struct TerraformRunnerPodTemplateSpecVolumesAzureFile { /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCephfs { - /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCephfsSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCinder { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCinderSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2032,13 +2837,27 @@ pub struct TerraformRunnerPodTemplateSpecVolumesCinderSecretRef { /// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2051,36 +2870,59 @@ pub struct TerraformRunnerPodTemplateSpecVolumesConfigMap { pub struct TerraformRunnerPodTemplateSpecVolumesConfigMapItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCsi { - /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesCsiNodePublishSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2088,7 +2930,14 @@ pub struct TerraformRunnerPodTemplateSpecVolumesCsiNodePublishSecretRef { /// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApi { - /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// Items is a list of downward API volume file @@ -2102,12 +2951,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItems { /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' pub path: String, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, } @@ -2123,7 +2978,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2136,72 +2992,190 @@ pub struct TerraformRunnerPodTemplateSpecVolumesDownwardApiItemsResourceFieldRef pub resource: String, } -/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEmptyDir { - /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. -/// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). -/// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. -/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. -/// A pod can use both types of ephemeral volumes and persistent volumes at the same time. +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeral { - /// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - /// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - /// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - /// Required, must not be nil. + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, } -/// Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). -/// An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. -/// This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. -/// Required, must not be nil. +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { - /// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, - /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. pub spec: TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec, } -/// May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateMetadata { } -/// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { - /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, /// volumeName is the binding reference to the PersistentVolume backing this claim. @@ -2209,10 +3183,19 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecDataSource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -2221,33 +3204,73 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced pub kind: String, /// Name is the name of resource being referenced pub name: String, - /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -2255,7 +3278,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } @@ -2265,19 +3290,26 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -2285,46 +3317,65 @@ pub struct TerraformRunnerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFc { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolume { /// driver is the name of the driver to use for this volume. pub driver: String, - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolumeSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2332,7 +3383,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesFlexVolumeSecretRef { /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesFlocker { - /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset @@ -2340,27 +3392,46 @@ pub struct TerraformRunnerPodTemplateSpecVolumesFlocker { pub dataset_uuid: Option, } -/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGcePersistentDisk { - /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGitRepo { - /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, /// repository is the URL @@ -2370,29 +3441,47 @@ pub struct TerraformRunnerPodTemplateSpecVolumesGitRepo { pub revision: Option, } -/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesGlusterfs { - /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesHostPath { - /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication @@ -2401,29 +3490,39 @@ pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, /// lun represents iSCSI Target Lun number. pub lun: i32, - /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } @@ -2431,30 +3530,41 @@ pub struct TerraformRunnerPodTemplateSpecVolumesIscsi { /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesIscsiSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesNfs { - /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPersistentVolumeClaim { - /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } @@ -2462,7 +3572,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPersistentVolumeClaim { /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPhotonPersistentDisk { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// pdID is the ID that identifies Photon Controller persistent disk @@ -2473,10 +3585,13 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPhotonPersistentDisk { /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesPortworxVolume { - /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, /// volumeID uniquely identifies a Portworx volume @@ -2487,7 +3602,12 @@ pub struct TerraformRunnerPodTemplateSpecVolumesPortworxVolume { /// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjected { - /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, /// sources is the list of volume projections @@ -2515,10 +3635,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSources { /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMap { - /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2531,10 +3659,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMap { pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesConfigMapItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } @@ -2552,12 +3688,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' pub path: String, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, } @@ -2573,7 +3715,8 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2589,10 +3732,18 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesDownwardApiItems /// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecret { - /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -2605,78 +3756,124 @@ pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecret { pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesSecretItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesProjectedSourcesServiceAccountToken { - /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the + /// token into. pub path: String, } /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesQuobyte { - /// group to map volume access to Default is no group + /// group to map volume access to + /// Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes pub registry: String, - /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// user to map volume access to Defaults to serivceaccount user + /// user to map volume access to + /// Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesRbd { - /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesRbdSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2684,7 +3881,10 @@ pub struct TerraformRunnerPodTemplateSpecVolumesRbdSecretRef { /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// gateway is the host address of the ScaleIO API Gateway. @@ -2692,16 +3892,19 @@ pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: TerraformRunnerPodTemplateSpecVolumesScaleIoSecretRef, /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, /// storagePool is the ScaleIO Storage Pool associated with the protection domain. @@ -2709,32 +3912,50 @@ pub struct TerraformRunnerPodTemplateSpecVolumesScaleIo { pub storage_pool: Option, /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesScaleIoSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesSecret { - /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values + /// for mode bits. Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -2744,37 +3965,58 @@ pub struct TerraformRunnerPodTemplateSpecVolumesSecret { pub struct TerraformRunnerPodTemplateSpecVolumesSecretItems { /// key is the key to project. pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. pub path: String, } /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesStorageos { - /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesStorageosSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2782,7 +4024,9 @@ pub struct TerraformRunnerPodTemplateSpecVolumesStorageosSecretRef { /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformRunnerPodTemplateSpecVolumesVsphereVolume { - /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. @@ -2834,19 +4078,41 @@ pub enum TerraformStoreReadablePlan { /// TFStateSpec allows the user to set ForceUnlock #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformTfstate { - /// ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. - /// This is an Enum and has the expected values of: - /// - auto - yes - no - /// WARNING: Only use `auto` in the cases where you are absolutely certain that no other system is using this state, you could otherwise end up in a bad place See https://www.terraform.io/language/state/locking#force-unlock for more information on the terraform state lock and force unlock. + /// ForceUnlock a Terraform state if it has become locked for any reason. Defaults to `no`. + /// + /// + /// This is an Enum and has the expected values of: + /// + /// + /// - auto + /// - yes + /// - no + /// + /// + /// WARNING: Only use `auto` in the cases where you are absolutely certain that + /// no other system is using this state, you could otherwise end up in a bad place + /// See https://www.terraform.io/language/state/locking#force-unlock for more + /// information on the terraform state lock and force unlock. #[serde(default, skip_serializing_if = "Option::is_none", rename = "forceUnlock")] pub force_unlock: Option, - /// LockIdentifier holds the Identifier required by Terraform to unlock the state if it ever gets into a locked state. - /// You'll need to put the Lock Identifier in here while setting ForceUnlock to either `yes` or `auto`. - /// Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state. + /// LockIdentifier holds the Identifier required by Terraform to unlock the state + /// if it ever gets into a locked state. + /// + /// + /// You'll need to put the Lock Identifier in here while setting ForceUnlock to + /// either `yes` or `auto`. + /// + /// + /// Leave this empty to do nothing, set this to the value of the `Lock Info: ID: [value]`, + /// e.g. `f2ab685b-f84d-ac0b-a125-378a22877e8d`, to force unlock the state. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lockIdentifier")] pub lock_identifier: Option, - /// LockTimeout is a Duration string that instructs Terraform to retry acquiring a lock for the specified period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as `3s` for three seconds. - /// Defaults to `0s` which will behave as though `LockTimeout` was not set + /// LockTimeout is a Duration string that instructs Terraform to retry acquiring a lock for the specified period of + /// time before returning an error. The duration syntax is a number followed by a time unit letter, such as `3s` for + /// three seconds. + /// + /// + /// Defaults to `0s` which will behave as though `LockTimeout` was not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "lockTimeout")] pub lock_timeout: Option, } @@ -2879,10 +4145,12 @@ pub struct TerraformVarsValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -2895,7 +4163,9 @@ pub struct TerraformVarsValueFrom { pub struct TerraformVarsValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2903,7 +4173,8 @@ pub struct TerraformVarsValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformVarsValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2914,7 +4185,8 @@ pub struct TerraformVarsValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TerraformVarsValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2932,7 +4204,9 @@ pub struct TerraformVarsValueFromResourceFieldRef { pub struct TerraformVarsValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2940,14 +4214,18 @@ pub struct TerraformVarsValueFromSecretKeyRef { pub optional: Option, } -/// VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. +/// VarsReference contain a reference of a Secret or a ConfigMap to generate +/// variables for Terraform resources based on its data, selectively by varsKey. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct TerraformVarsFrom { /// Kind of the values referent, valid values are ('Secret', 'ConfigMap'). pub kind: TerraformVarsFromKind, - /// Name of the values referent. Should reside in the same namespace as the referring resource. + /// Name of the values referent. Should reside in the same namespace as the + /// referring resource. pub name: String, - /// Optional marks this VarsReference as optional. When set, a not found error for the values reference is ignored, but any VarsKey or transient error will still result in a reconciliation failure. + /// Optional marks this VarsReference as optional. When set, a not found error + /// for the values reference is ignored, but any VarsKey or + /// transient error will still result in a reconciliation failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, /// VarsKeys is the data key at which a specific value can be found. Defaults to all keys. @@ -2955,7 +4233,8 @@ pub struct TerraformVarsFrom { pub vars_keys: Option>, } -/// VarsReference contain a reference of a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. +/// VarsReference contain a reference of a Secret or a ConfigMap to generate +/// variables for Terraform resources based on its data, selectively by varsKey. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum TerraformVarsFromKind { Secret, @@ -2993,7 +4272,8 @@ pub struct TerraformWriteOutputsToSecret { pub labels: Option>, /// Name is the name of the Secret to be written pub name: String, - /// Outputs contain the selected names of outputs to be written to the secret. Empty array means writing all outputs, which is default. + /// Outputs contain the selected names of outputs to be written + /// to the secret. Empty array means writing all outputs, which is default. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, } @@ -3008,10 +4288,12 @@ pub struct TerraformStatus { /// Inventory contains the list of Terraform resource object references that have been successfully applied. #[serde(default, skip_serializing_if = "Option::is_none")] pub inventory: Option, - /// LastAppliedByDriftDetectionAt is the time when the last drift was detected and terraform apply was performed as a result + /// LastAppliedByDriftDetectionAt is the time when the last drift was detected and + /// terraform apply was performed as a result #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastAppliedByDriftDetectionAt")] pub last_applied_by_drift_detection_at: Option, - /// The last successfully applied revision. The revision format for Git sources is /. + /// The last successfully applied revision. + /// The revision format for Git sources is /. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastAppliedRevision")] pub last_applied_revision: Option, /// LastAttemptedRevision is the revision of the last reconciliation attempt. @@ -3020,13 +4302,16 @@ pub struct TerraformStatus { /// LastDriftDetectedAt is the time when the last drift was detected #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastDriftDetectedAt")] pub last_drift_detected_at: Option, - /// LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. + /// LastHandledReconcileAt holds the value of the most recent + /// reconcile request value, so a change of the annotation value + /// can be detected. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastHandledReconcileAt")] pub last_handled_reconcile_at: Option, /// LastPlanAt is the time when the last terraform plan was performed #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastPlanAt")] pub last_plan_at: Option, - /// LastPlannedRevision is the revision used by the last planning process. The result could be either no plan change or a new plan generated. + /// LastPlannedRevision is the revision used by the last planning process. + /// The result could be either no plan change or a new plan generated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastPlannedRevision")] pub last_planned_revision: Option, /// LockStatus defines the observed state of a Terraform State Lock @@ -3037,7 +4322,8 @@ pub struct TerraformStatus { pub observed_generation: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub plan: Option, - /// ReconciliationFailures is the number of reconciliation failures since the last success or update. + /// ReconciliationFailures is the number of reconciliation + /// failures since the last success or update. #[serde(default, skip_serializing_if = "Option::is_none", rename = "reconciliationFailures")] pub reconciliation_failures: Option, } diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs index 51682378d..aa5ac104c 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs @@ -39,6 +39,7 @@ pub struct ConnectionSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub params: Option>, /// PasswordSecretKeyRef is a reference to the password to use for configuring the Connection. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(rename = "passwordSecretKeyRef")] pub password_secret_key_ref: ConnectionPasswordSecretKeyRef, /// Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener. @@ -148,6 +149,7 @@ pub struct ConnectionMaxScaleRef { } /// PasswordSecretKeyRef is a reference to the password to use for configuring the Connection. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConnectionPasswordSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs index da21f1735..12713dc26 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs @@ -36,7 +36,7 @@ pub struct MariaDBSpec { /// Connection defines templates to configure the general Connection object. #[serde(default, skip_serializing_if = "Option::is_none")] pub connection: Option, - /// Database is the database to be created on bootstrap. + /// Database is the initial database to be created by the operator once MariaDB is ready. #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, /// Env represents the environment variables to be injected in a container. @@ -84,14 +84,14 @@ pub struct MariaDBSpec { pub my_cnf: Option, /// MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap. /// If not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field. - /// If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", - /// an update to the Mariadb resource will be triggered when the ConfigMap is updated. + /// If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", an update to the Mariadb resource will be triggered when the ConfigMap is updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "myCnfConfigMapKeyRef")] pub my_cnf_config_map_key_ref: Option, /// NodeSelector to be used in the Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// PasswordSecretKeyRef is a Secret reference to the password of the initial user created on bootstrap. + /// PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordSecretKeyRef")] pub password_secret_key_ref: Option, /// PodDisruptionBudget defines the budget for replica availability. @@ -163,7 +163,7 @@ pub struct MariaDBSpec { /// UpdateStrategy defines how a MariaDB resource is updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] pub update_strategy: Option, - /// Username is the username of the initial user created on bootstrap. + /// Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database. #[serde(default, skip_serializing_if = "Option::is_none")] pub username: Option, /// VolumeMounts to be used in the Container. @@ -6866,6 +6866,7 @@ pub struct MariaDBMaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientMaxConnections")] pub client_max_connections: Option, /// ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientPasswordSecretKeyRef")] pub client_password_secret_key_ref: Option, /// ClientUsername is the user to connect to MaxScale. It is defaulted if not provided. @@ -6879,6 +6880,7 @@ pub struct MariaDBMaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none")] pub generate: Option, /// MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricsPasswordSecretKeyRef")] pub metrics_password_secret_key_ref: Option, /// MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled. @@ -6890,6 +6892,7 @@ pub struct MariaDBMaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "monitorMaxConnections")] pub monitor_max_connections: Option, /// MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "monitorPasswordSecretKeyRef")] pub monitor_password_secret_key_ref: Option, /// MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. @@ -6901,6 +6904,7 @@ pub struct MariaDBMaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverMaxConnections")] pub server_max_connections: Option, /// ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverPasswordSecretKeyRef")] pub server_password_secret_key_ref: Option, /// ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided. @@ -6912,6 +6916,7 @@ pub struct MariaDBMaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncMaxConnections")] pub sync_max_connections: Option, /// SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncPasswordSecretKeyRef")] pub sync_password_secret_key_ref: Option, /// MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled. @@ -6938,6 +6943,7 @@ pub struct MariaDBMaxScaleAuthAdminPasswordSecretKeyRef { } /// ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleAuthClientPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -6956,6 +6962,7 @@ pub struct MariaDBMaxScaleAuthClientPasswordSecretKeyRef { } /// MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleAuthMetricsPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -6974,6 +6981,7 @@ pub struct MariaDBMaxScaleAuthMetricsPasswordSecretKeyRef { } /// MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleAuthMonitorPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -6992,6 +7000,7 @@ pub struct MariaDBMaxScaleAuthMonitorPasswordSecretKeyRef { } /// ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleAuthServerPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -7010,6 +7019,7 @@ pub struct MariaDBMaxScaleAuthServerPasswordSecretKeyRef { } /// SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleAuthSyncPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -12306,6 +12316,7 @@ pub struct MariaDBMetrics { #[serde(default, skip_serializing_if = "Option::is_none")] pub exporter: Option, /// PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordSecretKeyRef")] pub password_secret_key_ref: Option, /// ServiceMonitor defines the ServiceMonior object. @@ -16974,6 +16985,7 @@ pub struct MariaDBMetricsExporterVolumesVsphereVolume { } /// PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMetricsPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -17010,8 +17022,7 @@ pub struct MariaDBMetricsServiceMonitor { /// MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap. /// If not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field. -/// If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", -/// an update to the Mariadb resource will be triggered when the ConfigMap is updated. +/// If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", an update to the Mariadb resource will be triggered when the ConfigMap is updated. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMyCnfConfigMapKeyRef { /// The key to select. @@ -17026,7 +17037,8 @@ pub struct MariaDBMyCnfConfigMapKeyRef { pub optional: Option, } -/// PasswordSecretKeyRef is a Secret reference to the password of the initial user created on bootstrap. +/// PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs index f116b6093..44b5ee838 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs @@ -872,6 +872,7 @@ pub struct MaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientMaxConnections")] pub client_max_connections: Option, /// ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientPasswordSecretKeyRef")] pub client_password_secret_key_ref: Option, /// ClientUsername is the user to connect to MaxScale. It is defaulted if not provided. @@ -885,6 +886,7 @@ pub struct MaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none")] pub generate: Option, /// MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricsPasswordSecretKeyRef")] pub metrics_password_secret_key_ref: Option, /// MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled. @@ -896,6 +898,7 @@ pub struct MaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "monitorMaxConnections")] pub monitor_max_connections: Option, /// MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "monitorPasswordSecretKeyRef")] pub monitor_password_secret_key_ref: Option, /// MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. @@ -907,6 +910,7 @@ pub struct MaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverMaxConnections")] pub server_max_connections: Option, /// ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverPasswordSecretKeyRef")] pub server_password_secret_key_ref: Option, /// ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided. @@ -918,6 +922,7 @@ pub struct MaxScaleAuth { #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncMaxConnections")] pub sync_max_connections: Option, /// SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncPasswordSecretKeyRef")] pub sync_password_secret_key_ref: Option, /// MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled. @@ -944,6 +949,7 @@ pub struct MaxScaleAuthAdminPasswordSecretKeyRef { } /// ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleAuthClientPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -962,6 +968,7 @@ pub struct MaxScaleAuthClientPasswordSecretKeyRef { } /// MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleAuthMetricsPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -980,6 +987,7 @@ pub struct MaxScaleAuthMetricsPasswordSecretKeyRef { } /// MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleAuthMonitorPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -998,6 +1006,7 @@ pub struct MaxScaleAuthMonitorPasswordSecretKeyRef { } /// ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleAuthServerPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. @@ -1016,6 +1025,7 @@ pub struct MaxScaleAuthServerPasswordSecretKeyRef { } /// SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleAuthSyncPasswordSecretKeyRef { /// Generate indicates whether the Secret should be generated if the Secret referenced is not present. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs index 26455889e..6c20bd011 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs @@ -33,6 +33,7 @@ pub struct UserSpec { pub name: Option, /// PasswordSecretKeyRef is a reference to the password to be used by the User. /// If not provided, the account will be locked and the password will expire. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordSecretKeyRef")] pub password_secret_key_ref: Option, /// RequeueInterval is used to perform requeue reconciliations. @@ -86,6 +87,7 @@ pub struct UserMariaDbRef { /// PasswordSecretKeyRef is a reference to the password to be used by the User. /// If not provided, the account will be locked and the password will expire. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UserPasswordSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs index 9f838b55d..c4ee25776 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs @@ -140,8 +140,12 @@ pub struct ModuleDevicePluginContainerEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -181,8 +185,12 @@ pub struct ModuleDevicePluginContainerEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -532,8 +540,12 @@ pub struct ModuleDevicePluginVolumesCephfs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesCephfsSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -568,8 +580,12 @@ pub struct ModuleDevicePluginVolumesCinder { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesCinderSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -596,8 +612,12 @@ pub struct ModuleDevicePluginVolumesConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -661,8 +681,12 @@ pub struct ModuleDevicePluginVolumesCsi { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesCsiNodePublishSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1108,8 +1132,12 @@ pub struct ModuleDevicePluginVolumesFlexVolume { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesFlexVolumeSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1265,8 +1293,12 @@ pub struct ModuleDevicePluginVolumesIscsi { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesIscsiSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1474,8 +1506,12 @@ pub struct ModuleDevicePluginVolumesProjectedSourcesConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -1571,8 +1607,12 @@ pub struct ModuleDevicePluginVolumesProjectedSourcesSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -1701,8 +1741,12 @@ pub struct ModuleDevicePluginVolumesRbd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesRbdSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1752,8 +1796,12 @@ pub struct ModuleDevicePluginVolumesScaleIo { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesScaleIoSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1844,8 +1892,12 @@ pub struct ModuleDevicePluginVolumesStorageos { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesStorageosSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1874,8 +1926,12 @@ pub struct ModuleDevicePluginVolumesVsphereVolume { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleImageRepoSecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1983,8 +2039,12 @@ pub struct ModuleModuleLoaderContainerBuildBuildArgs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerBuildDockerfileConfigMap { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2002,8 +2062,12 @@ pub struct ModuleModuleLoaderContainerBuildKanikoParams { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerBuildSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2088,8 +2152,12 @@ pub struct ModuleModuleLoaderContainerKernelMappingsBuildBuildArgs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerKernelMappingsBuildDockerfileConfigMap { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2107,8 +2175,12 @@ pub struct ModuleModuleLoaderContainerKernelMappingsBuildKanikoParams { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerKernelMappingsBuildSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2148,8 +2220,12 @@ pub struct ModuleModuleLoaderContainerKernelMappingsSign { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerKernelMappingsSignCertSecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2158,8 +2234,12 @@ pub struct ModuleModuleLoaderContainerKernelMappingsSignCertSecret { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerKernelMappingsSignKeySecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2278,8 +2358,12 @@ pub struct ModuleModuleLoaderContainerSign { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerSignCertSecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2288,8 +2372,12 @@ pub struct ModuleModuleLoaderContainerSignCertSecret { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleModuleLoaderContainerSignKeySecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs index 98276ecce..8eaf6a091 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs @@ -125,8 +125,12 @@ pub struct NodeModulesConfigModulesConfigModprobeRawArgs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeModulesConfigModulesImageRepoSecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -245,8 +249,12 @@ pub struct NodeModulesConfigStatusModulesConfigModprobeRawArgs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeModulesConfigStatusModulesImageRepoSecret { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index a0fff38eb..7dc6f5ce1 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -597,6 +597,7 @@ apiVersion `chainsaw.kyverno.io/v1alpha1`: apiVersion `chainsaw.kyverno.io/v1alpha2`: - `Configuration` +- `Test` ## chaos_mesh_org @@ -2355,6 +2356,9 @@ apiVersion `operator.cluster.x-k8s.io/v1alpha2`: apiVersion `operator.cryostat.io/v1beta1`: - `Cryostat` +apiVersion `operator.cryostat.io/v1beta2`: +- `Cryostat` + ## operator_marin3r_3scale_net apiVersion `operator.marin3r.3scale.net/v1alpha1`: diff --git a/kube-custom-resources-rs/src/loki_grafana_com/v1/lokistacks.rs b/kube-custom-resources-rs/src/loki_grafana_com/v1/lokistacks.rs index 79949595b..fa042a14a 100644 --- a/kube-custom-resources-rs/src/loki_grafana_com/v1/lokistacks.rs +++ b/kube-custom-resources-rs/src/loki_grafana_com/v1/lokistacks.rs @@ -483,21 +483,23 @@ pub struct LokiStackStorage { pub tls: Option, } -/// ObjectStorageSchema defines the requirements needed to configure a new -/// storage schema. +/// ObjectStorageSchema defines a schema version and the date when it will become effective. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct LokiStackStorageSchemas { - /// EffectiveDate is the date in UTC that the schema will be applied on. - /// To ensure readibility of logs, this date should be before the current - /// date in UTC. + /// EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone. + /// + /// + /// The configuration always needs at least one schema that is currently valid. This means that when creating a new + /// LokiStack it is recommended to add a schema with the latest available version and an effective date of "yesterday". + /// New schema versions added to the configuration always needs to be placed "in the future", so that Loki can start + /// using it once the day rolls over. #[serde(rename = "effectiveDate")] pub effective_date: String, /// Version for writing and reading logs. pub version: LokiStackStorageSchemasVersion, } -/// ObjectStorageSchema defines the requirements needed to configure a new -/// storage schema. +/// ObjectStorageSchema defines a schema version and the date when it will become effective. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum LokiStackStorageSchemasVersion { #[serde(rename = "v11")] @@ -3054,21 +3056,23 @@ pub enum LokiStackStatusStorageCredentialMode { TokenCco, } -/// ObjectStorageSchema defines the requirements needed to configure a new -/// storage schema. +/// ObjectStorageSchema defines a schema version and the date when it will become effective. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct LokiStackStatusStorageSchemas { - /// EffectiveDate is the date in UTC that the schema will be applied on. - /// To ensure readibility of logs, this date should be before the current - /// date in UTC. + /// EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone. + /// + /// + /// The configuration always needs at least one schema that is currently valid. This means that when creating a new + /// LokiStack it is recommended to add a schema with the latest available version and an effective date of "yesterday". + /// New schema versions added to the configuration always needs to be placed "in the future", so that Loki can start + /// using it once the day rolls over. #[serde(rename = "effectiveDate")] pub effective_date: String, /// Version for writing and reading logs. pub version: LokiStackStatusStorageSchemasVersion, } -/// ObjectStorageSchema defines the requirements needed to configure a new -/// storage schema. +/// ObjectStorageSchema defines a schema version and the date when it will become effective. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum LokiStackStatusStorageSchemasVersion { #[serde(rename = "v11")] diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs index 01db4e6b2..ff89d34cc 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs @@ -45,6 +45,9 @@ pub struct VolumeSpec { /// Deprecated: Replaced by field `image`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "engineImage")] pub engine_image: Option, + /// Setting that freezes the filesystem on the root partition before a snapshot is created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "freezeFilesystemForSnapshot")] + pub freeze_filesystem_for_snapshot: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fromBackup")] pub from_backup: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -135,6 +138,17 @@ pub enum VolumeDataLocality { StrictLocal, } +/// VolumeSpec defines the desired state of the Longhorn volume +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum VolumeFreezeFilesystemForSnapshot { + #[serde(rename = "ignored")] + Ignored, + #[serde(rename = "enabled")] + Enabled, + #[serde(rename = "disabled")] + Disabled, +} + /// VolumeSpec defines the desired state of the Longhorn volume #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum VolumeFrontend { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs index 6c77c88e5..0d8e4fda2 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs @@ -339,6 +339,13 @@ pub struct PrometheusAgentSpec { /// enabling the StatefulSetMinReadySeconds feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] pub min_ready_seconds: Option, + /// Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). + /// For now this field has no effect. + /// + /// + /// (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, /// Defines on which Nodes the Pods are scheduled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -4240,6 +4247,14 @@ pub enum PrometheusAgentLogLevel { Error, } +/// Specification of the desired behavior of the Prometheus agent. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentMode { + StatefulSet, + DaemonSet, +} + /// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. /// The default behavior is all PVCs are retained. /// This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 231f1c65c..c5fcf4cc8 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs @@ -42,6 +42,9 @@ pub struct ScrapeConfigSpec { /// DockerSDConfigs defines a list of Docker service discovery configurations. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dockerSDConfigs")] pub docker_sd_configs: Option>, + /// DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dockerSwarmSDConfigs")] + pub docker_swarm_sd_configs: Option>, /// EC2SDConfigs defines a list of EC2 service discovery configurations. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ec2SDConfigs")] pub ec2_sd_configs: Option>, @@ -108,6 +111,9 @@ pub struct ScrapeConfigSpec { /// Only valid in Prometheus versions 2.27.0 and newer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] pub label_value_length_limit: Option, + /// LinodeSDConfigs defines a list of Linode service discovery configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "linodeSDConfigs")] + pub linode_sd_configs: Option>, /// MetricRelabelConfigs to apply to samples before ingestion. #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricRelabelings")] pub metric_relabelings: Option>, @@ -148,6 +154,9 @@ pub struct ScrapeConfigSpec { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, + /// PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "puppetDBSDConfigs")] + pub puppet_dbsd_configs: Option>, /// RelabelConfigs defines how to rewrite the target's labels before scraping. /// Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. /// The original scrape job's name is available via the `__tmp_prometheus_job_name` label. @@ -2024,101 +2033,30 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. -/// The private IP address is used by default, but may be changed to the public IP address with relabeling. -/// The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigs { - /// AccessKey is the AWS API key. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] - pub access_key: Option, - /// Filters can be used optionally to filter the instance list by other criteria. - /// Available filter criteria can be found here: - /// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - /// Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - #[serde(default, skip_serializing_if = "Option::is_none")] - pub filters: Option>, - /// The port to scrape metrics from. If using the public IP address, this must - /// instead be specified in the relabeling rule. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// The AWS region - #[serde(default, skip_serializing_if = "Option::is_none")] - pub region: Option, - /// AWS Role ARN, an alternative to using AWS API keys. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] - pub role_arn: Option, - /// SecretKey is the AWS API secret. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] - pub secret_key: Option, -} - -/// AccessKey is the AWS API key. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsAccessKey { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// EC2Filter is the configuration for filtering EC2 instances. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsFilters { - pub name: String, - pub values: Vec, -} - -/// SecretKey is the AWS API secret. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsSecretKey { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. -/// Prometheus will periodically check the REST endpoint and create a target for every app instance. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigs { - /// Authorization header to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigDockerSwarmSdConfigs { + /// Authorization header configuration to authenticate against the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. + pub authorization: Option, + /// Optional HTTP basic authentication information. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// Optional filters to limit the discovery process to a subset of available + /// resources. + /// The available filters are listed in the upstream documentation: + /// Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + /// Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + /// Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + /// Address of the Docker daemon + pub host: String, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -2128,16 +2066,20 @@ pub struct ScrapeConfigEurekaSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization` or `basic_auth`. + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, + /// The port to scrape metrics from, when `role` is nodes, and for discovered + /// tasks and services that don't have published ports. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -2151,22 +2093,22 @@ pub struct ScrapeConfigEurekaSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Refresh interval to re-read the instance list. + /// The time after which the service discovery data is refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The URL to connect to the Eureka server. - pub server: String, - /// TLS configuration applying to the target HTTP endpoint. + /// Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`. + pub role: ScrapeConfigDockerSwarmSdConfigsRole, + /// TLS configuration to use on every scrape request #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header to use on every scrape request. +/// Authorization header configuration to authenticate against the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsAuthorization { +pub struct ScrapeConfigDockerSwarmSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// @@ -2180,7 +2122,7 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigDockerSwarmSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2197,23 +2139,23 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. +/// Optional HTTP basic authentication information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuth { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2233,7 +2175,7 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2250,18 +2192,27 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { pub optional: Option, } +/// Filter is the configuration to limit the discovery process to a subset of available resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigDockerSwarmSdConfigsFilters { + /// Name is the key of the field to check against. + pub name: String, + /// Values is the value or set of values to check for a match. + pub values: Vec, +} + /// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization` or `basic_auth`. +/// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2 { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigEurekaSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigDockerSwarmSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigEurekaSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -2277,18 +2228,18 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientId { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2307,7 +2258,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2327,7 +2278,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2346,7 +2297,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { +pub struct ScrapeConfigDockerSwarmSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2363,21 +2314,28 @@ pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigDockerSwarmSdConfigsRole { + Services, + Tasks, + Nodes, +} + +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfig { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -2385,18 +2343,18 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCa { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2415,7 +2373,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2434,18 +2392,18 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCert { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2464,7 +2422,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2483,7 +2441,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2500,99 +2458,120 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// FileSDConfig defines a Prometheus file service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigFileSdConfigs { - /// List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - /// prometheus-operator project makes no guarantees about the working directory where the configuration file is - /// stored. - /// Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - pub files: Vec, - /// RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, -} - -/// GCESDConfig configures scrape targets from GCP GCE instances. -/// The private IP address is used by default, but may be changed to -/// the public IP address with relabeling. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config -/// -/// -/// The GCE service discovery will load the Google Cloud credentials -/// from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. -/// See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform -/// -/// -/// A pre-requisite for using GCESDConfig is that a Secret containing valid -/// Google Cloud credentials is mounted into the Prometheus or PrometheusAgent -/// pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS -/// environment variable is set to /etc/prometheus/secrets//. +/// EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. +/// The private IP address is used by default, but may be changed to the public IP address with relabeling. +/// The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigGceSdConfigs { - /// Filter can be used optionally to filter the instance list by other criteria - /// Syntax of this filter is described in the filter query parameter section: - /// https://cloud.google.com/compute/docs/reference/latest/instances/list +pub struct ScrapeConfigEc2SdConfigs { + /// AccessKey is the AWS API key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] + pub access_key: Option, + /// Filters can be used optionally to filter the instance list by other criteria. + /// Available filter criteria can be found here: + /// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + /// Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html #[serde(default, skip_serializing_if = "Option::is_none")] - pub filter: Option, + pub filters: Option>, /// The port to scrape metrics from. If using the public IP address, this must /// instead be specified in the relabeling rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// The Google Cloud Project ID - pub project: String, /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The tag separator is used to separate the tags on concatenation - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] - pub tag_separator: Option, - /// The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. - pub zone: String, + /// The AWS region + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// AWS Role ARN, an alternative to using AWS API keys. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] + pub role_arn: Option, + /// SecretKey is the AWS API secret. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] + pub secret_key: Option, } -/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. -/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigs { - /// Authorization header configuration, required when role is hcloud. - /// Role robot does not support bearer token authentication. +/// AccessKey is the AWS API key. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEc2SdConfigsAccessKey { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request, required when role is robot. - /// Role hcloud does not support basic auth. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Whether to enable HTTP2. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] - pub enable_http2: Option, - /// Configure whether HTTP requests follow HTTP 3xx redirects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] - pub follow_redirects: Option, - /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - /// that should be excluded from proxying. IP and domain names can - /// contain port numbers. - /// - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] - pub no_proxy: Option, - /// Optional OAuth 2.0 configuration. - /// Cannot be used at the same time as `basic_auth` or `authorization`. + pub name: Option, + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// The port to scrape metrics from. + pub optional: Option, +} + +/// EC2Filter is the configuration for filtering EC2 instances. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEc2SdConfigsFilters { + pub name: String, + pub values: Vec, +} + +/// SecretKey is the AWS API secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEc2SdConfigsSecretKey { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. +/// Prometheus will periodically check the REST endpoint and create a target for every app instance. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEurekaSdConfigs { + /// Authorization header to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be set at the same time as `authorization` or `basic_auth`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -2606,23 +2585,22 @@ pub struct ScrapeConfigHetznerSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// The time after which the servers are refreshed. + /// Refresh interval to re-read the instance list. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The Hetzner role of entities that should be discovered. - pub role: ScrapeConfigHetznerSdConfigsRole, - /// TLS configuration to use on every scrape request. + /// The URL to connect to the Eureka server. + pub server: String, + /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header configuration, required when role is hcloud. -/// Role robot does not support bearer token authentication. +/// Authorization header to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsAuthorization { +pub struct ScrapeConfigEurekaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// @@ -2636,7 +2614,7 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2653,24 +2631,23 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request, required when role is robot. -/// Role hcloud does not support basic auth. +/// BasicAuth information to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuth { +pub struct ScrapeConfigEurekaSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { +pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2690,7 +2667,7 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { +pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2708,17 +2685,17 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { } /// Optional OAuth 2.0 configuration. -/// Cannot be used at the same time as `basic_auth` or `authorization`. +/// Cannot be set at the same time as `authorization` or `basic_auth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2 { +pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigHetznerSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigEurekaSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigHetznerSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigEurekaSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -2734,18 +2711,18 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientId { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2764,7 +2741,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2784,7 +2761,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2803,7 +2780,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { +pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2820,36 +2797,21 @@ pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { pub optional: Option, } -/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. -/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsRole { - #[serde(rename = "hcloud")] - Hcloud, - #[serde(rename = "Hcloud")] - HcloudX, - #[serde(rename = "robot")] - Robot, - #[serde(rename = "Robot")] - RobotX, -} - -/// TLS configuration to use on every scrape request. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfig { +pub struct ScrapeConfigEurekaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -2857,18 +2819,18 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCa { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2887,7 +2849,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2906,18 +2868,18 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCert { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2936,7 +2898,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2955,7 +2917,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2972,17 +2934,77 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// HTTPSDConfig defines a prometheus HTTP service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config +/// FileSDConfig defines a Prometheus file service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigs { - /// Authorization header configuration to authenticate against the target HTTP endpoint. +pub struct ScrapeConfigFileSdConfigs { + /// List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + /// prometheus-operator project makes no guarantees about the working directory where the configuration file is + /// stored. + /// Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + pub files: Vec, + /// RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, +} + +/// GCESDConfig configures scrape targets from GCP GCE instances. +/// The private IP address is used by default, but may be changed to +/// the public IP address with relabeling. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config +/// +/// +/// The GCE service discovery will load the Google Cloud credentials +/// from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. +/// See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform +/// +/// +/// A pre-requisite for using GCESDConfig is that a Secret containing valid +/// Google Cloud credentials is mounted into the Prometheus or PrometheusAgent +/// pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS +/// environment variable is set to /etc/prometheus/secrets//. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigGceSdConfigs { + /// Filter can be used optionally to filter the instance list by other criteria + /// Syntax of this filter is described in the filter query parameter section: + /// https://cloud.google.com/compute/docs/reference/latest/instances/list #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to authenticate against the target HTTP endpoint. - /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + pub filter: Option, + /// The port to scrape metrics from. If using the public IP address, this must + /// instead be specified in the relabeling rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// The Google Cloud Project ID + pub project: String, + /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// The tag separator is used to separate the tags on concatenation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] + pub tag_separator: Option, + /// The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. + pub zone: String, +} + +/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. +/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigs { + /// Authorization header configuration, required when role is hcloud. + /// Role robot does not support bearer token authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// BasicAuth information to use on every scrape request, required when role is robot. + /// Role hcloud does not support basic auth. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -2991,13 +3013,20 @@ pub struct ScrapeConfigHttpSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be used at the same time as `basic_auth` or `authorization`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// The port to scrape metrics from. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -3011,23 +3040,23 @@ pub struct ScrapeConfigHttpSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// RefreshInterval configures the refresh interval at which Prometheus will re-query the - /// endpoint to update the target list. + /// The time after which the servers are refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// TLS configuration applying to the target HTTP endpoint. + /// The Hetzner role of entities that should be discovered. + pub role: ScrapeConfigHetznerSdConfigsRole, + /// TLS configuration to use on every scrape request. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, - /// URL from which the targets are fetched. - pub url: String, + pub tls_config: Option, } -/// Authorization header configuration to authenticate against the target HTTP endpoint. +/// Authorization header configuration, required when role is hcloud. +/// Role robot does not support bearer token authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsAuthorization { +pub struct ScrapeConfigHetznerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// @@ -3041,7 +3070,7 @@ pub struct ScrapeConfigHttpSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3058,24 +3087,24 @@ pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to authenticate against the target HTTP endpoint. -/// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// BasicAuth information to use on every scrape request, required when role is robot. +/// Role hcloud does not support basic auth. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuth { +pub struct ScrapeConfigHetznerSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { +pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3095,7 +3124,101 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { +pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional OAuth 2.0 configuration. +/// Cannot be used at the same time as `basic_auth` or `authorization`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigHetznerSdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigHetznerSdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `scopes` defines the OAuth2 scopes used for the token request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientId { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3114,7 +3237,7 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { +pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3131,21 +3254,36 @@ pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. +/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHetznerSdConfigsRole { + #[serde(rename = "hcloud")] + Hcloud, + #[serde(rename = "Hcloud")] + HcloudX, + #[serde(rename = "robot")] + Robot, + #[serde(rename = "Robot")] + RobotX, +} + +/// TLS configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfig { +pub struct ScrapeConfigHetznerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -3153,18 +3291,18 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCa { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3183,7 +3321,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3202,18 +3340,18 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCert { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3232,7 +3370,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3251,7 +3389,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3268,39 +3406,17 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigs { - /// The API server address consisting of a hostname or IP address followed - /// by an optional port number. - /// If left empty, Prometheus is assumed to run inside - /// of the cluster. It will discover API servers automatically and use the pod's - /// CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiServer")] - pub api_server: Option, - /// Optional metadata to attach to discovered targets. - /// It requires Prometheus >= v2.35.0 for `pod` role and - /// Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] - pub attach_metadata: Option, - /// Authorization header to use on every scrape request. - /// Cannot be set at the same time as `basicAuth`, or `oauth2`. +/// HTTPSDConfig defines a prometheus HTTP service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigs { + /// Authorization header configuration to authenticate against the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. - /// Cannot be set at the same time as `authorization`, or `oauth2`. + pub authorization: Option, + /// BasicAuth information to authenticate against the target HTTP endpoint. + /// More info: https://prometheus.io/docs/operating/configuration/#endpoints #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Whether to enable HTTP2. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] - pub enable_http2: Option, - /// Configure whether HTTP requests follow HTTP 3xx redirects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] - pub follow_redirects: Option, - /// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option, + pub basic_auth: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -3309,17 +3425,13 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization`, or `basicAuth`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -3333,36 +3445,23 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Role of the Kubernetes entities that should be discovered. - pub role: ScrapeConfigKubernetesSdConfigsRole, - /// Selector to select objects. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub selectors: Option>, - /// TLS configuration to use on every scrape request. + /// RefreshInterval configures the refresh interval at which Prometheus will re-query the + /// endpoint to update the target list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// Optional metadata to attach to discovered targets. -/// It requires Prometheus >= v2.35.0 for `pod` role and -/// Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAttachMetadata { - /// Attaches node metadata to discovered targets. - /// When set to true, Prometheus must have the `get` permission on the - /// `Nodes` objects. - /// Only valid for Pod, Endpoint and Endpointslice roles. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub node: Option, + pub tls_config: Option, + /// URL from which the targets are fetched. + pub url: String, } -/// Authorization header to use on every scrape request. -/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +/// Authorization header configuration to authenticate against the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAuthorization { +pub struct ScrapeConfigHttpSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// @@ -3376,7 +3475,7 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3393,24 +3492,24 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. -/// Cannot be set at the same time as `authorization`, or `oauth2`. +/// BasicAuth information to authenticate against the target HTTP endpoint. +/// More info: https://prometheus.io/docs/operating/configuration/#endpoints #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuth { +pub struct ScrapeConfigHttpSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { +pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3430,113 +3529,7 @@ pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsNamespaces { - /// List of namespaces where to watch for resources. - /// If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub names: Option>, - /// Includes the namespace in which the Prometheus pod exists to the list of watched namesapces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownNamespace")] - pub own_namespace: Option, -} - -/// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization`, or `basicAuth`. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2 { - /// `clientId` specifies a key of a Secret or ConfigMap containing the - /// OAuth2 client's ID. - #[serde(rename = "clientId")] - pub client_id: ScrapeConfigKubernetesSdConfigsOauth2ClientId, - /// `clientSecret` specifies a key of a Secret containing the OAuth2 - /// client's secret. - #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigKubernetesSdConfigsOauth2ClientSecret, - /// `endpointParams` configures the HTTP parameters to append to the token - /// URL. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] - pub endpoint_params: Option>, - /// `scopes` defines the OAuth2 scopes used for the token request. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub scopes: Option>, - /// `tokenURL` configures the URL to fetch the token from. - #[serde(rename = "tokenUrl")] - pub token_url: String, -} - -/// `clientId` specifies a key of a Secret or ConfigMap containing the -/// OAuth2 client's ID. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientId { - /// ConfigMap containing data to use for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// Secret containing data to use for the targets. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, -} - -/// ConfigMap containing data to use for the targets. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { - /// The key to select. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the ConfigMap or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Secret containing data to use for the targets. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// `clientSecret` specifies a key of a Secret containing the OAuth2 -/// client's secret. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3555,7 +3548,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { +pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3572,79 +3565,21 @@ pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { pub optional: Option, } -/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsRole { - Node, - #[serde(rename = "node")] - NodeX, - Service, - #[serde(rename = "service")] - ServiceX, - Pod, - #[serde(rename = "pod")] - PodX, - Endpoints, - #[serde(rename = "endpoints")] - EndpointsX, - EndpointSlice, - #[serde(rename = "endpointslice")] - Endpointslice, - Ingress, - #[serde(rename = "ingress")] - IngressX, -} - -/// K8SSelectorConfig is Kubernetes Selector Config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsSelectors { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub field: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub label: Option, - /// Role is role of the service in Kubernetes. - pub role: ScrapeConfigKubernetesSdConfigsSelectorsRole, -} - -/// K8SSelectorConfig is Kubernetes Selector Config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsSelectorsRole { - Node, - #[serde(rename = "node")] - NodeX, - Service, - #[serde(rename = "service")] - ServiceX, - Pod, - #[serde(rename = "pod")] - PodX, - Endpoints, - #[serde(rename = "endpoints")] - EndpointsX, - EndpointSlice, - #[serde(rename = "endpointslice")] - Endpointslice, - Ingress, - #[serde(rename = "ingress")] - IngressX, -} - -/// TLS configuration to use on every scrape request. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { +pub struct ScrapeConfigHttpSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -3652,18 +3587,18 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCa { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3682,7 +3617,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3701,18 +3636,18 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCert { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3731,7 +3666,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3750,7 +3685,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3767,28 +3702,39 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// KumaSDConfig allow retrieving scrape targets from Kuma's control plane. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigs { +/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigs { + /// The API server address consisting of a hostname or IP address followed + /// by an optional port number. + /// If left empty, Prometheus is assumed to run inside + /// of the cluster. It will discover API servers automatically and use the pod's + /// CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiServer")] + pub api_server: Option, + /// Optional metadata to attach to discovered targets. + /// It requires Prometheus >= v2.35.0 for `pod` role and + /// Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] + pub attach_metadata: Option, /// Authorization header to use on every scrape request. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, + pub authorization: Option, /// BasicAuth information to use on every scrape request. + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] - pub client_id: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, - /// The time after which the monitoring assignments are refreshed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fetchTimeout")] - pub fetch_timeout: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + /// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -3800,14 +3746,14 @@ pub struct ScrapeConfigKumaSdConfigs { /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -3821,22 +3767,36 @@ pub struct ScrapeConfigKumaSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// The time to wait between polling update requests. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// Address of the Kuma Control Plane's MADS xDS server. - pub server: String, - /// TLS configuration to use on every scrape request - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// Authorization header to use on every scrape request. + /// Role of the Kubernetes entities that should be discovered. + pub role: ScrapeConfigKubernetesSdConfigsRole, + /// Selector to select objects. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selectors: Option>, + /// TLS configuration to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, +} + +/// Optional metadata to attach to discovered targets. +/// It requires Prometheus >= v2.35.0 for `pod` role and +/// Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsAuthorization { +pub struct ScrapeConfigKubernetesSdConfigsAttachMetadata { + /// Attaches node metadata to discovered targets. + /// When set to true, Prometheus must have the `get` permission on the + /// `Nodes` objects. + /// Only valid for Pod, Endpoint and Endpointslice roles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub node: Option, +} + +/// Authorization header to use on every scrape request. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// @@ -3850,7 +3810,7 @@ pub struct ScrapeConfigKumaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3868,22 +3828,23 @@ pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { } /// BasicAuth information to use on every scrape request. +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuth { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3903,7 +3864,7 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3920,18 +3881,30 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { pub optional: Option, } +/// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsNamespaces { + /// List of namespaces where to watch for resources. + /// If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// Includes the namespace in which the Prometheus pod exists to the list of watched namesapces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownNamespace")] + pub own_namespace: Option, +} + /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2 { +pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigKumaSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigKubernetesSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigKumaSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigKubernetesSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -3947,18 +3920,18 @@ pub struct ScrapeConfigKumaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientId { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3977,7 +3950,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3997,7 +3970,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4016,7 +3989,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { +pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4033,21 +4006,79 @@ pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration to use on every scrape request +/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigKubernetesSdConfigsRole { + Node, + #[serde(rename = "node")] + NodeX, + Service, + #[serde(rename = "service")] + ServiceX, + Pod, + #[serde(rename = "pod")] + PodX, + Endpoints, + #[serde(rename = "endpoints")] + EndpointsX, + EndpointSlice, + #[serde(rename = "endpointslice")] + Endpointslice, + Ingress, + #[serde(rename = "ingress")] + IngressX, +} + +/// K8SSelectorConfig is Kubernetes Selector Config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsSelectors { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub field: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub label: Option, + /// Role is role of the service in Kubernetes. + pub role: ScrapeConfigKubernetesSdConfigsSelectorsRole, +} + +/// K8SSelectorConfig is Kubernetes Selector Config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigKubernetesSdConfigsSelectorsRole { + Node, + #[serde(rename = "node")] + NodeX, + Service, + #[serde(rename = "service")] + ServiceX, + Pod, + #[serde(rename = "pod")] + PodX, + Endpoints, + #[serde(rename = "endpoints")] + EndpointsX, + EndpointSlice, + #[serde(rename = "endpointslice")] + Endpointslice, + Ingress, + #[serde(rename = "ingress")] + IngressX, +} + +/// TLS configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfig { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -4055,18 +4086,18 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCa { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4085,7 +4116,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4104,18 +4135,18 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCert { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4134,7 +4165,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4153,7 +4184,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4170,60 +4201,809 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, -/// scraped samples and remote write samples. -/// -/// -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +/// KumaSDConfig allow retrieving scrape targets from Kuma's control plane. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigMetricRelabelings { - /// Action to perform based on the regex matching. - /// - /// - /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - /// - /// - /// Default: "Replace" +pub struct ScrapeConfigKumaSdConfigs { + /// Authorization header to use on every scrape request. #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// Modulus to take of the hash of the source label values. + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, + /// Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] + pub client_id: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// The time after which the monitoring assignments are refreshed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fetchTimeout")] + pub fetch_timeout: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. /// /// - /// Only applicable when the action is `HashMod`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub modulus: Option, - /// Regular expression against which the extracted value is matched. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub regex: Option, - /// Replacement value against which a Replace action is performed if the - /// regular expression matches. + pub oauth2: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. /// /// - /// Regex capture groups are available. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub replacement: Option, - /// Separator is the string between concatenated SourceLabels. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub separator: Option, - /// The source labels select values from existing labels. Their content is - /// concatenated using the configured Separator and matched against the - /// configured regular expression. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] - pub source_labels: Option>, - /// Label to which the resulting string is written in a replacement. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. /// /// - /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - /// `KeepEqual` and `DropEqual` actions. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. /// /// - /// Regex capture groups are available. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] - pub target_label: Option, + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// The time to wait between polling update requests. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// Address of the Kuma Control Plane's MADS xDS server. + pub server: String, + /// TLS configuration to use on every scrape request + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, } -/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// Authorization header to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// + /// "Basic" is not a supported value. + /// + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// BasicAuth information to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// `password` specifies a key of a Secret containing the password for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `username` specifies a key of a Secret containing the username for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional OAuth 2.0 configuration. +/// Cannot be set at the same time as `authorization`, or `basicAuth`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigKumaSdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigKumaSdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `scopes` defines the OAuth2 scopes used for the token request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsOauth2ClientId { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to use on every scrape request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCa { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Client certificate to present when doing client-authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing the client key file for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigs { + /// Authorization header configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be used at the same time as `authorization`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Default port to scrape metrics from. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// Time after which the linode instances are refreshed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// Optional region to filter on. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// The string by which Linode Instance tags are joined into the tag label. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] + pub tag_separator: Option, + /// TLS configuration applying to the target HTTP endpoint. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, +} + +/// Authorization header configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// + /// "Basic" is not a supported value. + /// + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional OAuth 2.0 configuration. +/// Cannot be used at the same time as `authorization`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigLinodeSdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigLinodeSdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `scopes` defines the OAuth2 scopes used for the token request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientId { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration applying to the target HTTP endpoint. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCa { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Client certificate to present when doing client-authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing the client key file for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLinodeSdConfigsTlsConfigKeySecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigMetricRelabelings { + /// Action to perform based on the regex matching. + /// + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// + /// Default: "Replace" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// Modulus to take of the hash of the source label values. + /// + /// + /// Only applicable when the action is `HashMod`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub modulus: Option, + /// Regular expression against which the extracted value is matched. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub regex: Option, + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// + /// Regex capture groups are available. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replacement: Option, + /// Separator is the string between concatenated SourceLabels. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub separator: Option, + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] + pub source_labels: Option>, + /// Label to which the resulting string is written in a replacement. + /// + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// + /// Regex capture groups are available. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] + pub target_label: Option, +} + +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// /// @@ -4273,80 +5053,389 @@ pub enum ScrapeConfigMetricRelabelingsAction { /// OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigs { - /// Whether the service discovery should list all instances for all projects. - /// It is only relevant for the 'instance' role and usually requires admin permissions. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "allTenants")] - pub all_tenants: Option, - /// ApplicationCredentialID - #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialId")] - pub application_credential_id: Option, - /// The ApplicationCredentialID or ApplicationCredentialName fields are - /// required if using an application credential to authenticate. Some providers - /// allow you to create an application credential to authenticate rather than a - /// password. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialName")] - pub application_credential_name: Option, - /// The applicationCredentialSecret field is required if using an application - /// credential to authenticate. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialSecret")] - pub application_credential_secret: Option, - /// Availability of the endpoint to connect to. +pub struct ScrapeConfigOpenstackSdConfigs { + /// Whether the service discovery should list all instances for all projects. + /// It is only relevant for the 'instance' role and usually requires admin permissions. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allTenants")] + pub all_tenants: Option, + /// ApplicationCredentialID + #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialId")] + pub application_credential_id: Option, + /// The ApplicationCredentialID or ApplicationCredentialName fields are + /// required if using an application credential to authenticate. Some providers + /// allow you to create an application credential to authenticate rather than a + /// password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialName")] + pub application_credential_name: Option, + /// The applicationCredentialSecret field is required if using an application + /// credential to authenticate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "applicationCredentialSecret")] + pub application_credential_secret: Option, + /// Availability of the endpoint to connect to. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub availability: Option, + /// DomainID + #[serde(default, skip_serializing_if = "Option::is_none", rename = "domainID")] + pub domain_id: Option, + /// At most one of domainId and domainName must be provided if using username + /// with Identity V3. Otherwise, either are optional. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "domainName")] + pub domain_name: Option, + /// IdentityEndpoint specifies the HTTP endpoint that is required to work with + /// the Identity API of the appropriate version. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityEndpoint")] + pub identity_endpoint: Option, + /// Password for the Identity V2 and V3 APIs. Consult with your provider's + /// control panel to discover your account's preferred method of authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// The port to scrape metrics from. If using the public IP address, this must + /// instead be specified in the relabeling rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// ProjectID + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectID")] + pub project_id: Option, + /// The ProjectId and ProjectName fields are optional for the Identity V2 API. + /// Some providers allow you to specify a ProjectName instead of the ProjectId. + /// Some require both. Your provider's authentication policies will determine + /// how these fields influence authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectName")] + pub project_name: Option, + /// Refresh interval to re-read the instance list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// The OpenStack Region. + pub region: String, + /// The OpenStack role of entities that should be discovered. + pub role: ScrapeConfigOpenstackSdConfigsRole, + /// TLS configuration applying to the target HTTP endpoint. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, + /// UserID + #[serde(default, skip_serializing_if = "Option::is_none")] + pub userid: Option, + /// Username is required if using Identity V2 API. Consult with your provider's + /// control panel to discover your account's username. + /// In Identity V3, either userid or a combination of username + /// and domainId or domainName are needed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// The applicationCredentialSecret field is required if using an application +/// credential to authenticate. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsApplicationCredentialSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigOpenstackSdConfigsAvailability { + Public, + #[serde(rename = "public")] + PublicX, + Admin, + #[serde(rename = "admin")] + AdminX, + Internal, + #[serde(rename = "internal")] + InternalX, +} + +/// Password for the Identity V2 and V3 APIs. Consult with your provider's +/// control panel to discover your account's preferred method of authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsPassword { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] - pub availability: Option, - /// DomainID - #[serde(default, skip_serializing_if = "Option::is_none", rename = "domainID")] - pub domain_id: Option, - /// At most one of domainId and domainName must be provided if using username - /// with Identity V3. Otherwise, either are optional. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "domainName")] - pub domain_name: Option, - /// IdentityEndpoint specifies the HTTP endpoint that is required to work with - /// the Identity API of the appropriate version. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityEndpoint")] - pub identity_endpoint: Option, - /// Password for the Identity V2 and V3 APIs. Consult with your provider's - /// control panel to discover your account's preferred method of authentication. + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigOpenstackSdConfigsRole { + Instance, + #[serde(rename = "instance")] + InstanceX, + Hypervisor, + #[serde(rename = "hypervisor")] + HypervisorX, +} + +/// TLS configuration applying to the target HTTP endpoint. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCa { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Client certificate to present when doing client-authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing the client key file for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigOpenstackSdConfigsTlsConfigKeySecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigs { + /// Optional `authorization` HTTP header configuration. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// Optional HTTP basic authentication information. + /// Cannot be set at the same time as `authorization`, or `oauth2`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, + /// Configure whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether the HTTP requests should follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// Whether to include the parameters as meta labels. + /// Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure + /// that you don't have secrets exposed as parameters if you enable this. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "includeParameters")] + pub include_parameters: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth2.0 configuration. + /// Cannot be set at the same time as `basicAuth`, or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// The port to scrape metrics from. If using the public IP address, this must - /// instead be specified in the relabeling rule. + pub oauth2: Option, + /// Port to scrape the metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// ProjectID - #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectID")] - pub project_id: Option, - /// The ProjectId and ProjectName fields are optional for the Identity V2 API. - /// Some providers allow you to specify a ProjectName instead of the ProjectId. - /// Some require both. Your provider's authentication policies will determine - /// how these fields influence authentication. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectName")] - pub project_name: Option, - /// Refresh interval to re-read the instance list. + pub port: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// Puppet Query Language (PQL) query. Only resources are supported. + /// https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html + pub query: String, + /// Refresh interval to re-read the list of resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The OpenStack Region. - pub region: String, - /// The OpenStack role of entities that should be discovered. - pub role: ScrapeConfigOpenstackSdConfigsRole, - /// TLS configuration applying to the target HTTP endpoint. + /// TLS configuration to connect to the Puppet DB. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, - /// UserID - #[serde(default, skip_serializing_if = "Option::is_none")] - pub userid: Option, - /// Username is required if using Identity V2 API. Consult with your provider's - /// control panel to discover your account's username. - /// In Identity V3, either userid or a combination of username - /// and domainId or domainName are needed + pub tls_config: Option, + /// The URL of the PuppetDB root query endpoint. + pub url: String, +} + +/// Optional `authorization` HTTP header configuration. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// + /// "Basic" is not a supported value. + /// + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// The applicationCredentialSecret field is required if using an application -/// credential to authenticate. +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsApplicationCredentialSecret { +pub struct ScrapeConfigPuppetDbsdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4363,25 +5452,24 @@ pub struct ScrapeConfigOpenstackSdConfigsApplicationCredentialSecret { pub optional: Option, } -/// OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigOpenstackSdConfigsAvailability { - Public, - #[serde(rename = "public")] - PublicX, - Admin, - #[serde(rename = "admin")] - AdminX, - Internal, - #[serde(rename = "internal")] - InternalX, +/// Optional HTTP basic authentication information. +/// Cannot be set at the same time as `authorization`, or `oauth2`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, } -/// Password for the Identity V2 and V3 APIs. Consult with your provider's -/// control panel to discover your account's preferred method of authentication. +/// `password` specifies a key of a Secret containing the password for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsPassword { +pub struct ScrapeConfigPuppetDbsdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4398,52 +5486,65 @@ pub struct ScrapeConfigOpenstackSdConfigsPassword { pub optional: Option, } -/// OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigOpenstackSdConfigsRole { - Instance, - #[serde(rename = "instance")] - InstanceX, - Hypervisor, - #[serde(rename = "hypervisor")] - HypervisorX, +/// `username` specifies a key of a Secret containing the username for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// Optional OAuth2.0 configuration. +/// Cannot be set at the same time as `basicAuth`, or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfig { - /// Certificate authority used when verifying server certificates. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, - /// Client certificate to present when doing client-authentication. +pub struct ScrapeConfigPuppetDbsdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigPuppetDbsdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigPuppetDbsdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `scopes` defines the OAuth2 scopes used for the token request. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, - /// Disable target certificate validation. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] - pub insecure_skip_verify: Option, - /// Secret containing the client key file for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, - /// Used to verify the hostname for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] - pub server_name: Option, + pub scopes: Option>, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, } -/// Certificate authority used when verifying server certificates. +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCa { +pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4462,7 +5563,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4479,20 +5580,79 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaSecret { pub optional: Option, } -/// Client certificate to present when doing client-authentication. +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCert { +pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to connect to the Puppet DB. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4511,7 +5671,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4528,9 +5688,39 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertSecret { pub optional: Option, } -/// Secret containing the client key file for the targets. +/// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigOpenstackSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4547,9 +5737,9 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// SecretKeySelector selects a key of a Secret. +/// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigProxyConnectHeader { +pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. diff --git a/kube-custom-resources-rs/src/networking_istio_io/v1/virtualservices.rs b/kube-custom-resources-rs/src/networking_istio_io/v1/virtualservices.rs index 6875b929f..c1eb9317c 100644 --- a/kube-custom-resources-rs/src/networking_istio_io/v1/virtualservices.rs +++ b/kube-custom-resources-rs/src/networking_istio_io/v1/virtualservices.rs @@ -126,7 +126,7 @@ pub struct VirtualServiceHttpCorsPolicyAllowOrigins { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -260,7 +260,7 @@ pub struct VirtualServiceHttpHeadersResponse { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatch { - /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub authority: Option, /// Names of gateways where the rule should be applied. @@ -272,7 +272,7 @@ pub struct VirtualServiceHttpMatch { /// Flag to specify whether the URI matching should be case-insensitive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreUriCase")] pub ignore_uri_case: Option, - /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, /// The name assigned to a match. @@ -284,7 +284,7 @@ pub struct VirtualServiceHttpMatch { /// Query parameters for matching. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryParams")] pub query_params: Option>, - /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. @@ -296,7 +296,7 @@ pub struct VirtualServiceHttpMatch { /// The human readable prefix to use when emitting statistics for this route. #[serde(default, skip_serializing_if = "Option::is_none", rename = "statPrefix")] pub stat_prefix: Option, - /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, /// withoutHeader has the same syntax with the header, but has opposite meaning. @@ -304,14 +304,14 @@ pub struct VirtualServiceHttpMatch { pub without_headers: Option>, } -/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchAuthority { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -323,19 +323,19 @@ pub struct VirtualServiceHttpMatchHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchMethod { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -347,31 +347,31 @@ pub struct VirtualServiceHttpMatchQueryParams { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchScheme { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchUri { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -383,7 +383,7 @@ pub struct VirtualServiceHttpMatchWithoutHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -519,7 +519,7 @@ pub struct VirtualServiceHttpRewrite { /// rewrite the path portion of the URI with the specified regex. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpRewriteUriRegexRewrite { - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option, /// The string that should replace into matching portions of original URI. diff --git a/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/envoyfilters.rs b/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/envoyfilters.rs index 72bb57ba2..2070ee353 100644 --- a/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/envoyfilters.rs +++ b/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/envoyfilters.rs @@ -314,11 +314,9 @@ pub struct EnvoyFilterTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/virtualservices.rs b/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/virtualservices.rs index 112839fc9..49703a513 100644 --- a/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/virtualservices.rs +++ b/kube-custom-resources-rs/src/networking_istio_io/v1alpha3/virtualservices.rs @@ -126,7 +126,7 @@ pub struct VirtualServiceHttpCorsPolicyAllowOrigins { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -260,7 +260,7 @@ pub struct VirtualServiceHttpHeadersResponse { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatch { - /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub authority: Option, /// Names of gateways where the rule should be applied. @@ -272,7 +272,7 @@ pub struct VirtualServiceHttpMatch { /// Flag to specify whether the URI matching should be case-insensitive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreUriCase")] pub ignore_uri_case: Option, - /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, /// The name assigned to a match. @@ -284,7 +284,7 @@ pub struct VirtualServiceHttpMatch { /// Query parameters for matching. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryParams")] pub query_params: Option>, - /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. @@ -296,7 +296,7 @@ pub struct VirtualServiceHttpMatch { /// The human readable prefix to use when emitting statistics for this route. #[serde(default, skip_serializing_if = "Option::is_none", rename = "statPrefix")] pub stat_prefix: Option, - /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, /// withoutHeader has the same syntax with the header, but has opposite meaning. @@ -304,14 +304,14 @@ pub struct VirtualServiceHttpMatch { pub without_headers: Option>, } -/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchAuthority { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -323,19 +323,19 @@ pub struct VirtualServiceHttpMatchHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchMethod { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -347,31 +347,31 @@ pub struct VirtualServiceHttpMatchQueryParams { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchScheme { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchUri { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -383,7 +383,7 @@ pub struct VirtualServiceHttpMatchWithoutHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -519,7 +519,7 @@ pub struct VirtualServiceHttpRewrite { /// rewrite the path portion of the URI with the specified regex. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpRewriteUriRegexRewrite { - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option, /// The string that should replace into matching portions of original URI. diff --git a/kube-custom-resources-rs/src/networking_istio_io/v1beta1/virtualservices.rs b/kube-custom-resources-rs/src/networking_istio_io/v1beta1/virtualservices.rs index 922e0cd60..0e562461e 100644 --- a/kube-custom-resources-rs/src/networking_istio_io/v1beta1/virtualservices.rs +++ b/kube-custom-resources-rs/src/networking_istio_io/v1beta1/virtualservices.rs @@ -126,7 +126,7 @@ pub struct VirtualServiceHttpCorsPolicyAllowOrigins { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -260,7 +260,7 @@ pub struct VirtualServiceHttpHeadersResponse { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatch { - /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub authority: Option, /// Names of gateways where the rule should be applied. @@ -272,7 +272,7 @@ pub struct VirtualServiceHttpMatch { /// Flag to specify whether the URI matching should be case-insensitive. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreUriCase")] pub ignore_uri_case: Option, - /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, /// The name assigned to a match. @@ -284,7 +284,7 @@ pub struct VirtualServiceHttpMatch { /// Query parameters for matching. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryParams")] pub query_params: Option>, - /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. @@ -296,7 +296,7 @@ pub struct VirtualServiceHttpMatch { /// The human readable prefix to use when emitting statistics for this route. #[serde(default, skip_serializing_if = "Option::is_none", rename = "statPrefix")] pub stat_prefix: Option, - /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, /// withoutHeader has the same syntax with the header, but has opposite meaning. @@ -304,14 +304,14 @@ pub struct VirtualServiceHttpMatch { pub without_headers: Option>, } -/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Authority values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchAuthority { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -323,19 +323,19 @@ pub struct VirtualServiceHttpMatchHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// HTTP Method values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchMethod { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -347,31 +347,31 @@ pub struct VirtualServiceHttpMatchQueryParams { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI Scheme values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchScheme { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } -/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). +/// URI to match values are case-sensitive and formatted as follows: - `exact: "value"` for exact string match - `prefix: "value"` for prefix-based match - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpMatchUri { #[serde(default, skip_serializing_if = "Option::is_none")] pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -383,7 +383,7 @@ pub struct VirtualServiceHttpMatchWithoutHeaders { pub exact: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, } @@ -519,7 +519,7 @@ pub struct VirtualServiceHttpRewrite { /// rewrite the path portion of the URI with the specified regex. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VirtualServiceHttpRewriteUriRegexRewrite { - /// RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + /// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option, /// The string that should replace into matching portions of original URI. diff --git a/kube-custom-resources-rs/src/nfd_kubernetes_io/v1/nodefeaturediscoveries.rs b/kube-custom-resources-rs/src/nfd_kubernetes_io/v1/nodefeaturediscoveries.rs index d95636642..f997d6acb 100644 --- a/kube-custom-resources-rs/src/nfd_kubernetes_io/v1/nodefeaturediscoveries.rs +++ b/kube-custom-resources-rs/src/nfd_kubernetes_io/v1/nodefeaturediscoveries.rs @@ -19,6 +19,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct NodeFeatureDiscoverySpec { + /// EnableTaints enables the enable the experimental tainting feature This allows keeping nodes with specialized hardware away from running general workload i and instead leave them for workloads that need the specialized hardware. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableTaints")] + pub enable_taints: Option, /// ExtraLabelNs defines the list of of allowed extra label namespaces By default, only allow labels in the default `feature.node.kubernetes.io` label namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraLabelNs")] pub extra_label_ns: Option>, diff --git a/kube-custom-resources-rs/src/operator_cryostat_io/mod.rs b/kube-custom-resources-rs/src/operator_cryostat_io/mod.rs index 9f64fc82d..aae3815eb 100644 --- a/kube-custom-resources-rs/src/operator_cryostat_io/mod.rs +++ b/kube-custom-resources-rs/src/operator_cryostat_io/mod.rs @@ -1 +1,2 @@ pub mod v1beta1; +pub mod v1beta2; diff --git a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta1/cryostats.rs b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta1/cryostats.rs index 09e100fe5..7ea687cd7 100644 --- a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta1/cryostats.rs +++ b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta1/cryostats.rs @@ -24,7 +24,8 @@ pub struct CryostatSpec { /// Override default authorization properties for Cryostat on OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "authProperties")] pub auth_properties: Option, - /// Use cert-manager to secure in-cluster communication between Cryostat components. Requires cert-manager to be installed. + /// Use cert-manager to secure in-cluster communication between Cryostat components. + /// Requires cert-manager to be installed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCertManager")] pub enable_cert_manager: Option, /// List of Flight Recorder Event Templates to preconfigure in Cryostat. @@ -41,7 +42,8 @@ pub struct CryostatSpec { pub max_ws_connections: Option, /// Deploy a pared-down Cryostat instance with no Grafana Dashboard or JFR Data Source. pub minimal: bool, - /// Options to control how the operator exposes the application outside of the cluster, such as using an Ingress or Route. + /// Options to control how the operator exposes the application outside of the cluster, + /// such as using an Ingress or Route. #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkOptions")] pub network_options: Option, /// Options to configure the Cryostat deployments and pods metadata @@ -76,7 +78,9 @@ pub struct CryostatSpec { /// Override default authorization properties for Cryostat on OpenShift. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatAuthProperties { - /// Name of the ClusterRole to use when Cryostat requests a role-scoped OAuth token. This ClusterRole should contain permissions for all Kubernetes objects listed in custom permission mapping. More details: https://docs.openshift.com/container-platform/4.11/authentication/tokens-scoping.html#scoping-tokens-role-scope_configuring-internal-oauth + /// Name of the ClusterRole to use when Cryostat requests a role-scoped OAuth token. + /// This ClusterRole should contain permissions for all Kubernetes objects listed in custom permission mapping. + /// More details: https://docs.openshift.com/container-platform/4.11/authentication/tokens-scoping.html#scoping-tokens-role-scope_configuring-internal-oauth #[serde(rename = "clusterRoleName")] pub cluster_role_name: String, /// Name of config map in the local namespace. @@ -115,68 +119,111 @@ pub struct CryostatJmxCredentialsDatabaseOptions { pub database_secret_name: Option, } -/// Options to control how the operator exposes the application outside of the cluster, such as using an Ingress or Route. +/// Options to control how the operator exposes the application outside of the cluster, +/// such as using an Ingress or Route. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptions { - /// Specifications for how to expose the Cryostat command service, which serves the WebSocket command channel. - /// Deprecated: CommandConfig is no longer used. + /// Specifications for how to expose the Cryostat command service, + /// which serves the WebSocket command channel. + /// + /// + /// Deprecated: CommandConfig is no longer used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "commandConfig")] pub command_config: Option, - /// Specifications for how to expose the Cryostat service, which serves the Cryostat application. + /// Specifications for how to expose the Cryostat service, + /// which serves the Cryostat application. #[serde(default, skip_serializing_if = "Option::is_none", rename = "coreConfig")] pub core_config: Option, - /// Specifications for how to expose Cryostat's Grafana service, which serves the Grafana dashboard. + /// Specifications for how to expose Cryostat's Grafana service, + /// which serves the Grafana dashboard. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaConfig")] pub grafana_config: Option, } -/// Specifications for how to expose the Cryostat command service, which serves the WebSocket command channel. -/// Deprecated: CommandConfig is no longer used. +/// Specifications for how to expose the Cryostat command service, +/// which serves the WebSocket command channel. +/// +/// +/// Deprecated: CommandConfig is no longer used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfig { /// Annotations to add to the Ingress or Route during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. + /// Configuration for an Ingress object. + /// Currently subpaths are not supported, so unique hosts must be specified + /// (if a single external IP is being used) to differentiate between ingresses/services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressSpec")] pub ingress_spec: Option, - /// Labels to add to the Ingress or Route during its creation. The label with key "app" is reserved for use by the operator. + /// Labels to add to the Ingress or Route during its creation. + /// The label with key "app" is reserved for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } -/// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. +/// Configuration for an Ingress object. +/// Currently subpaths are not supported, so unique hosts must be specified +/// (if a single external IP is being used) to differentiate between ingresses/services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpec { - /// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. + /// defaultBackend is the backend that should handle requests that don't + /// match any rule. If Rules are not specified, DefaultBackend must be specified. + /// If DefaultBackend is not set, the handling of requests that do not match any + /// of the rules will be up to the Ingress controller. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultBackend")] pub default_backend: Option, - /// IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present. + /// ingressClassName is the name of an IngressClass cluster resource. Ingress + /// controller implementations use this field to know whether they should be + /// serving this Ingress resource, by a transitive connection + /// (controller -> IngressClass -> Ingress resource). Although the + /// `kubernetes.io/ingress.class` annotation (simple constant name) was never + /// formally defined, it was widely supported by Ingress controllers to create + /// a direct binding between Ingress controller and Ingress resources. Newly + /// created Ingress resources should prefer using the field. However, even + /// though the annotation is officially deprecated, for backwards compatibility + /// reasons, ingress controllers should still honor that annotation if present. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] pub ingress_class_name: Option, - /// A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. + /// rules is a list of host rules used to configure the Ingress. If unspecified, + /// or no rule matches, all traffic is sent to the default backend. #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, - /// TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. + /// tls represents the TLS configuration. Currently the Ingress only supports a + /// single TLS port, 443. If multiple members of this list specify different hosts, + /// they will be multiplexed on the same port according to the hostname specified + /// through the SNI TLS extension, if the ingress controller fulfilling the + /// ingress supports SNI. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option>, } -/// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. +/// defaultBackend is the backend that should handle requests that don't +/// match any rule. If Rules are not specified, DefaultBackend must be specified. +/// If DefaultBackend is not set, the handling of requests that do not match any +/// of the rules will be up to the Ingress controller. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecDefaultBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecDefaultBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -185,74 +232,139 @@ pub struct CryostatNetworkOptionsCommandConfigIngressSpecDefaultBackendResource pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecDefaultBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecDefaultBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. +/// IngressRule represents the rules mapping the paths under a specified host to +/// the related backend services. Incoming requests are first evaluated for a host +/// match, then routed to the backend associated with the matching IngressRuleValue. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRules { - /// Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. - /// Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. + /// host is the fully qualified domain name of a network host, as defined by RFC 3986. + /// Note the following deviations from the "host" part of the + /// URI as defined in RFC 3986: + /// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + /// the IP in the Spec of the parent Ingress. + /// 2. The `:` delimiter is not respected because ports are not allowed. + /// Currently the port of an Ingress is implicitly :80 for http and + /// :443 for https. + /// Both these may change in the future. + /// Incoming requests are matched against the host before the + /// IngressRuleValue. If the host is unspecified, the Ingress routes all + /// traffic based on the specified IngressRuleValue. + /// + /// + /// host can be "precise" which is a domain name without the terminating dot of + /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + /// prefixed with a single wildcard label (e.g. "*.foo.com"). + /// The wildcard character '*' must appear by itself as the first DNS label and + /// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + /// Requests will be matched against the Host field in the following way: + /// 1. If host is precise, the request matches this rule if the http host header is equal to Host. + /// 2. If host is a wildcard, then the request matches this rule if the http host header + /// is to equal to the suffix (removing the first label) of the wildcard rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. + /// HTTPIngressRuleValue is a list of http selectors pointing to backends. + /// In the example: http:///? -> backend where + /// where parts of the url correspond to RFC 3986, this resource will be used + /// to match against everything after the last '/' and before the first '?' + /// or '#'. #[serde(default, skip_serializing_if = "Option::is_none")] pub http: Option, } -/// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. +/// HTTPIngressRuleValue is a list of http selectors pointing to backends. +/// In the example: http:///? -> backend where +/// where parts of the url correspond to RFC 3986, this resource will be used +/// to match against everything after the last '/' and before the first '?' +/// or '#'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttp { - /// A collection of paths that map requests to backends. + /// paths is a collection of paths that map requests to backends. pub paths: Vec, } -/// HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend. +/// HTTPIngressPath associates a path with a backend. Incoming urls matching the +/// path are forwarded to the backend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPaths { - /// Backend defines the referenced service endpoint to which the traffic will be forwarded to. + /// backend defines the referenced service endpoint to which the traffic + /// will be forwarded to. pub backend: CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackend, - /// Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". + /// path is matched against the path of an incoming request. Currently it can + /// contain characters disallowed from the conventional "path" part of a URL + /// as defined by RFC 3986. Paths must begin with a '/' and must be present + /// when using PathType with value "Exact" or "Prefix". #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. + /// pathType determines the interpretation of the path matching. PathType can + /// be one of the following values: + /// * Exact: Matches the URL path exactly. + /// * Prefix: Matches based on a URL path prefix split by '/'. Matching is + /// done on a path element by element basis. A path element refers is the + /// list of labels in the path split by the '/' separator. A request is a + /// match for path p if every p is an element-wise prefix of p of the + /// request path. Note that if the last element of the path is a substring + /// of the last element in request path, it is not a match (e.g. /foo/bar + /// matches /foo/bar/baz, but does not match /foo/barbaz). + /// * ImplementationSpecific: Interpretation of the Path matching is up to + /// the IngressClass. Implementations can treat this as a separate PathType + /// or treat it identically to Prefix or Exact path types. + /// Implementations are required to support all path types. #[serde(rename = "pathType")] pub path_type: String, } -/// Backend defines the referenced service endpoint to which the traffic will be forwarded to. +/// backend defines the referenced service endpoint to which the traffic +/// will be forwarded to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -261,84 +373,132 @@ pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackendRe pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecRulesHttpPathsBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressTLS describes the transport layer security associated with an Ingress. +/// IngressTLS describes the transport layer security associated with an ingress. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCommandConfigIngressSpecTls { - /// Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. + /// hosts is a list of hosts included in the TLS certificate. The values in + /// this list must match the name/s used in the tlsSecret. Defaults to the + /// wildcard host setting for the loadbalancer controller fulfilling this + /// Ingress, if left unspecified. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option>, - /// SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. + /// secretName is the name of the secret used to terminate TLS traffic on + /// port 443. Field is left optional to allow TLS routing based on SNI + /// hostname alone. If the SNI host in a listener conflicts with the "Host" + /// header field used by an IngressRule, the SNI host is used for termination + /// and value of the "Host" header is used for routing. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } -/// Specifications for how to expose the Cryostat service, which serves the Cryostat application. +/// Specifications for how to expose the Cryostat service, +/// which serves the Cryostat application. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfig { /// Annotations to add to the Ingress or Route during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. + /// Configuration for an Ingress object. + /// Currently subpaths are not supported, so unique hosts must be specified + /// (if a single external IP is being used) to differentiate between ingresses/services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressSpec")] pub ingress_spec: Option, - /// Labels to add to the Ingress or Route during its creation. The label with key "app" is reserved for use by the operator. + /// Labels to add to the Ingress or Route during its creation. + /// The label with key "app" is reserved for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } -/// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. +/// Configuration for an Ingress object. +/// Currently subpaths are not supported, so unique hosts must be specified +/// (if a single external IP is being used) to differentiate between ingresses/services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpec { - /// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. + /// defaultBackend is the backend that should handle requests that don't + /// match any rule. If Rules are not specified, DefaultBackend must be specified. + /// If DefaultBackend is not set, the handling of requests that do not match any + /// of the rules will be up to the Ingress controller. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultBackend")] pub default_backend: Option, - /// IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present. + /// ingressClassName is the name of an IngressClass cluster resource. Ingress + /// controller implementations use this field to know whether they should be + /// serving this Ingress resource, by a transitive connection + /// (controller -> IngressClass -> Ingress resource). Although the + /// `kubernetes.io/ingress.class` annotation (simple constant name) was never + /// formally defined, it was widely supported by Ingress controllers to create + /// a direct binding between Ingress controller and Ingress resources. Newly + /// created Ingress resources should prefer using the field. However, even + /// though the annotation is officially deprecated, for backwards compatibility + /// reasons, ingress controllers should still honor that annotation if present. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] pub ingress_class_name: Option, - /// A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. + /// rules is a list of host rules used to configure the Ingress. If unspecified, + /// or no rule matches, all traffic is sent to the default backend. #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, - /// TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. + /// tls represents the TLS configuration. Currently the Ingress only supports a + /// single TLS port, 443. If multiple members of this list specify different hosts, + /// they will be multiplexed on the same port according to the hostname specified + /// through the SNI TLS extension, if the ingress controller fulfilling the + /// ingress supports SNI. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option>, } -/// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. +/// defaultBackend is the backend that should handle requests that don't +/// match any rule. If Rules are not specified, DefaultBackend must be specified. +/// If DefaultBackend is not set, the handling of requests that do not match any +/// of the rules will be up to the Ingress controller. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -347,74 +507,139 @@ pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendResource { pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. +/// IngressRule represents the rules mapping the paths under a specified host to +/// the related backend services. Incoming requests are first evaluated for a host +/// match, then routed to the backend associated with the matching IngressRuleValue. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRules { - /// Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. - /// Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. + /// host is the fully qualified domain name of a network host, as defined by RFC 3986. + /// Note the following deviations from the "host" part of the + /// URI as defined in RFC 3986: + /// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + /// the IP in the Spec of the parent Ingress. + /// 2. The `:` delimiter is not respected because ports are not allowed. + /// Currently the port of an Ingress is implicitly :80 for http and + /// :443 for https. + /// Both these may change in the future. + /// Incoming requests are matched against the host before the + /// IngressRuleValue. If the host is unspecified, the Ingress routes all + /// traffic based on the specified IngressRuleValue. + /// + /// + /// host can be "precise" which is a domain name without the terminating dot of + /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + /// prefixed with a single wildcard label (e.g. "*.foo.com"). + /// The wildcard character '*' must appear by itself as the first DNS label and + /// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + /// Requests will be matched against the Host field in the following way: + /// 1. If host is precise, the request matches this rule if the http host header is equal to Host. + /// 2. If host is a wildcard, then the request matches this rule if the http host header + /// is to equal to the suffix (removing the first label) of the wildcard rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. + /// HTTPIngressRuleValue is a list of http selectors pointing to backends. + /// In the example: http:///? -> backend where + /// where parts of the url correspond to RFC 3986, this resource will be used + /// to match against everything after the last '/' and before the first '?' + /// or '#'. #[serde(default, skip_serializing_if = "Option::is_none")] pub http: Option, } -/// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. +/// HTTPIngressRuleValue is a list of http selectors pointing to backends. +/// In the example: http:///? -> backend where +/// where parts of the url correspond to RFC 3986, this resource will be used +/// to match against everything after the last '/' and before the first '?' +/// or '#'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttp { - /// A collection of paths that map requests to backends. + /// paths is a collection of paths that map requests to backends. pub paths: Vec, } -/// HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend. +/// HTTPIngressPath associates a path with a backend. Incoming urls matching the +/// path are forwarded to the backend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPaths { - /// Backend defines the referenced service endpoint to which the traffic will be forwarded to. + /// backend defines the referenced service endpoint to which the traffic + /// will be forwarded to. pub backend: CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackend, - /// Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". + /// path is matched against the path of an incoming request. Currently it can + /// contain characters disallowed from the conventional "path" part of a URL + /// as defined by RFC 3986. Paths must begin with a '/' and must be present + /// when using PathType with value "Exact" or "Prefix". #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. + /// pathType determines the interpretation of the path matching. PathType can + /// be one of the following values: + /// * Exact: Matches the URL path exactly. + /// * Prefix: Matches based on a URL path prefix split by '/'. Matching is + /// done on a path element by element basis. A path element refers is the + /// list of labels in the path split by the '/' separator. A request is a + /// match for path p if every p is an element-wise prefix of p of the + /// request path. Note that if the last element of the path is a substring + /// of the last element in request path, it is not a match (e.g. /foo/bar + /// matches /foo/bar/baz, but does not match /foo/barbaz). + /// * ImplementationSpecific: Interpretation of the Path matching is up to + /// the IngressClass. Implementations can treat this as a separate PathType + /// or treat it identically to Prefix or Exact path types. + /// Implementations are required to support all path types. #[serde(rename = "pathType")] pub path_type: String, } -/// Backend defines the referenced service endpoint to which the traffic will be forwarded to. +/// backend defines the referenced service endpoint to which the traffic +/// will be forwarded to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -423,84 +648,132 @@ pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendResou pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressTLS describes the transport layer security associated with an Ingress. +/// IngressTLS describes the transport layer security associated with an ingress. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsCoreConfigIngressSpecTls { - /// Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. + /// hosts is a list of hosts included in the TLS certificate. The values in + /// this list must match the name/s used in the tlsSecret. Defaults to the + /// wildcard host setting for the loadbalancer controller fulfilling this + /// Ingress, if left unspecified. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option>, - /// SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. + /// secretName is the name of the secret used to terminate TLS traffic on + /// port 443. Field is left optional to allow TLS routing based on SNI + /// hostname alone. If the SNI host in a listener conflicts with the "Host" + /// header field used by an IngressRule, the SNI host is used for termination + /// and value of the "Host" header is used for routing. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } -/// Specifications for how to expose Cryostat's Grafana service, which serves the Grafana dashboard. +/// Specifications for how to expose Cryostat's Grafana service, +/// which serves the Grafana dashboard. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfig { /// Annotations to add to the Ingress or Route during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. + /// Configuration for an Ingress object. + /// Currently subpaths are not supported, so unique hosts must be specified + /// (if a single external IP is being used) to differentiate between ingresses/services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressSpec")] pub ingress_spec: Option, - /// Labels to add to the Ingress or Route during its creation. The label with key "app" is reserved for use by the operator. + /// Labels to add to the Ingress or Route during its creation. + /// The label with key "app" is reserved for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } -/// Configuration for an Ingress object. Currently subpaths are not supported, so unique hosts must be specified (if a single external IP is being used) to differentiate between ingresses/services. +/// Configuration for an Ingress object. +/// Currently subpaths are not supported, so unique hosts must be specified +/// (if a single external IP is being used) to differentiate between ingresses/services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpec { - /// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. + /// defaultBackend is the backend that should handle requests that don't + /// match any rule. If Rules are not specified, DefaultBackend must be specified. + /// If DefaultBackend is not set, the handling of requests that do not match any + /// of the rules will be up to the Ingress controller. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultBackend")] pub default_backend: Option, - /// IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present. + /// ingressClassName is the name of an IngressClass cluster resource. Ingress + /// controller implementations use this field to know whether they should be + /// serving this Ingress resource, by a transitive connection + /// (controller -> IngressClass -> Ingress resource). Although the + /// `kubernetes.io/ingress.class` annotation (simple constant name) was never + /// formally defined, it was widely supported by Ingress controllers to create + /// a direct binding between Ingress controller and Ingress resources. Newly + /// created Ingress resources should prefer using the field. However, even + /// though the annotation is officially deprecated, for backwards compatibility + /// reasons, ingress controllers should still honor that annotation if present. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] pub ingress_class_name: Option, - /// A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. + /// rules is a list of host rules used to configure the Ingress. If unspecified, + /// or no rule matches, all traffic is sent to the default backend. #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, - /// TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. + /// tls represents the TLS configuration. Currently the Ingress only supports a + /// single TLS port, 443. If multiple members of this list specify different hosts, + /// they will be multiplexed on the same port according to the hostname specified + /// through the SNI TLS extension, if the ingress controller fulfilling the + /// ingress supports SNI. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option>, } -/// DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. +/// defaultBackend is the backend that should handle requests that don't +/// match any rule. If Rules are not specified, DefaultBackend must be specified. +/// If DefaultBackend is not set, the handling of requests that do not match any +/// of the rules will be up to the Ingress controller. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecDefaultBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecDefaultBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -509,74 +782,139 @@ pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecDefaultBackendResource pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecDefaultBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecDefaultBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. +/// IngressRule represents the rules mapping the paths under a specified host to +/// the related backend services. Incoming requests are first evaluated for a host +/// match, then routed to the backend associated with the matching IngressRuleValue. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRules { - /// Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. - /// Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. + /// host is the fully qualified domain name of a network host, as defined by RFC 3986. + /// Note the following deviations from the "host" part of the + /// URI as defined in RFC 3986: + /// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + /// the IP in the Spec of the parent Ingress. + /// 2. The `:` delimiter is not respected because ports are not allowed. + /// Currently the port of an Ingress is implicitly :80 for http and + /// :443 for https. + /// Both these may change in the future. + /// Incoming requests are matched against the host before the + /// IngressRuleValue. If the host is unspecified, the Ingress routes all + /// traffic based on the specified IngressRuleValue. + /// + /// + /// host can be "precise" which is a domain name without the terminating dot of + /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + /// prefixed with a single wildcard label (e.g. "*.foo.com"). + /// The wildcard character '*' must appear by itself as the first DNS label and + /// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + /// Requests will be matched against the Host field in the following way: + /// 1. If host is precise, the request matches this rule if the http host header is equal to Host. + /// 2. If host is a wildcard, then the request matches this rule if the http host header + /// is to equal to the suffix (removing the first label) of the wildcard rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. + /// HTTPIngressRuleValue is a list of http selectors pointing to backends. + /// In the example: http:///? -> backend where + /// where parts of the url correspond to RFC 3986, this resource will be used + /// to match against everything after the last '/' and before the first '?' + /// or '#'. #[serde(default, skip_serializing_if = "Option::is_none")] pub http: Option, } -/// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. +/// HTTPIngressRuleValue is a list of http selectors pointing to backends. +/// In the example: http:///? -> backend where +/// where parts of the url correspond to RFC 3986, this resource will be used +/// to match against everything after the last '/' and before the first '?' +/// or '#'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttp { - /// A collection of paths that map requests to backends. + /// paths is a collection of paths that map requests to backends. pub paths: Vec, } -/// HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend. +/// HTTPIngressPath associates a path with a backend. Incoming urls matching the +/// path are forwarded to the backend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPaths { - /// Backend defines the referenced service endpoint to which the traffic will be forwarded to. + /// backend defines the referenced service endpoint to which the traffic + /// will be forwarded to. pub backend: CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackend, - /// Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". + /// path is matched against the path of an incoming request. Currently it can + /// contain characters disallowed from the conventional "path" part of a URL + /// as defined by RFC 3986. Paths must begin with a '/' and must be present + /// when using PathType with value "Exact" or "Prefix". #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. + /// pathType determines the interpretation of the path matching. PathType can + /// be one of the following values: + /// * Exact: Matches the URL path exactly. + /// * Prefix: Matches based on a URL path prefix split by '/'. Matching is + /// done on a path element by element basis. A path element refers is the + /// list of labels in the path split by the '/' separator. A request is a + /// match for path p if every p is an element-wise prefix of p of the + /// request path. Note that if the last element of the path is a substring + /// of the last element in request path, it is not a match (e.g. /foo/bar + /// matches /foo/bar/baz, but does not match /foo/barbaz). + /// * ImplementationSpecific: Interpretation of the Path matching is up to + /// the IngressClass. Implementations can treat this as a separate PathType + /// or treat it identically to Prefix or Exact path types. + /// Implementations are required to support all path types. #[serde(rename = "pathType")] pub path_type: String, } -/// Backend defines the referenced service endpoint to which the traffic will be forwarded to. +/// backend defines the referenced service endpoint to which the traffic +/// will be forwarded to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -585,34 +923,47 @@ pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackendRe pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecRulesHttpPathsBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressTLS describes the transport layer security associated with an Ingress. +/// IngressTLS describes the transport layer security associated with an ingress. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatNetworkOptionsGrafanaConfigIngressSpecTls { - /// Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. + /// hosts is a list of hosts included in the TLS certificate. The values in + /// this list must match the name/s used in the tlsSecret. Defaults to the + /// wildcard host setting for the loadbalancer controller fulfilling this + /// Ingress, if left unspecified. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option>, - /// SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. + /// secretName is the name of the secret used to terminate TLS traffic on + /// port 443. Field is left optional to allow TLS routing based on SNI + /// hostname alone. If the SNI host in a listener conflicts with the "Host" + /// header field used by an IngressRule, the SNI host is used for termination + /// and value of the "Host" header is used for routing. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -634,7 +985,9 @@ pub struct CryostatOperandMetadataDeploymentMetadata { /// Annotations to add to the resources during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Labels to add to the resources during its creation. The labels with keys "app" and "component" are reserved for use by the operator. + /// Labels to add to the resources during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } @@ -645,7 +998,9 @@ pub struct CryostatOperandMetadataPodMetadata { /// Annotations to add to the resources during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Labels to add to the resources during its creation. The labels with keys "app" and "component" are reserved for use by the operator. + /// Labels to add to the resources during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } @@ -653,10 +1008,12 @@ pub struct CryostatOperandMetadataPodMetadata { /// Options to configure Cryostat Automated Report Analysis. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptions { - /// The number of report sidecar replica containers to deploy. Each replica can service one report generation request at a time. + /// The number of report sidecar replica containers to deploy. + /// Each replica can service one report generation request at a time. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, - /// The resources allocated to each sidecar replica. A replica with more resources can handle larger input recordings and will process them faster. + /// The resources allocated to each sidecar replica. + /// A replica with more resources can handle larger input recordings and will process them faster. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, /// Options to configure scheduling for the reports deployment @@ -665,23 +1022,36 @@ pub struct CryostatReportOptions { /// Options to configure the Security Contexts for the Cryostat report generator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityOptions")] pub security_options: Option, - /// When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures the maximum heap size of the basic subprocess report generator in MiB. The default heap size is `200` (MiB). + /// When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures + /// the maximum heap size of the basic subprocess report generator in MiB. + /// The default heap size is `200` (MiB). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subProcessMaxHeapSize")] pub sub_process_max_heap_size: Option, } -/// The resources allocated to each sidecar replica. A replica with more resources can handle larger input recordings and will process them faster. +/// The resources allocated to each sidecar replica. +/// A replica with more resources can handle larger input recordings and will process them faster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -689,7 +1059,9 @@ pub struct CryostatReportOptionsResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } @@ -724,15 +1096,28 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinity { /// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -752,31 +1137,47 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDu pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -784,7 +1185,9 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDur pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -795,26 +1198,38 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDur pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -822,10 +1237,24 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDur /// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -836,7 +1265,8 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDur /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -846,13 +1276,24 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDur /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -863,59 +1304,93 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDur /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -926,42 +1401,60 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuri /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -969,10 +1462,24 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuri /// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -983,7 +1490,8 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferre /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -993,13 +1501,24 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferre /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1010,59 +1529,93 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferre /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1073,62 +1626,90 @@ pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequired /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSchedulingOptionsTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -1147,41 +1728,93 @@ pub struct CryostatReportOptionsSecurityOptions { /// Security Context to apply to the Cryostat report generator pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsPodSecurityContext { - /// A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - /// 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - /// If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, - /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] pub fs_group_change_policy: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, - /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, - /// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1198,14 +1831,23 @@ pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSeLinuxOptions pub user: Option, } -/// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } @@ -1219,19 +1861,30 @@ pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSysctls { pub value: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -1239,42 +1892,84 @@ pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextWindowsOptions /// Security Context to apply to the Cryostat report generator container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextCapabilities { /// Added capabilities @@ -1285,7 +1980,11 @@ pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextCapabilitie pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1302,31 +2001,53 @@ pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextSeLinuxOpti pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -1348,15 +2069,25 @@ pub struct CryostatResources { /// Resource requirements for the Cryostat application. If specifying a memory limit, at least 768MiB is recommended. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesCoreResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1364,22 +2095,34 @@ pub struct CryostatResourcesCoreResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesCoreResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } /// Resource requirements for the JFR Data Source container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesDataSourceResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1387,22 +2130,34 @@ pub struct CryostatResourcesDataSourceResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesDataSourceResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } /// Resource requirements for the Grafana container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesGrafanaResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -1410,7 +2165,9 @@ pub struct CryostatResourcesGrafanaResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatResourcesGrafanaResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } @@ -1445,15 +2202,28 @@ pub struct CryostatSchedulingOptionsAffinity { /// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -1473,31 +2243,47 @@ pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulin pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -1505,7 +2291,9 @@ pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringScheduling pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -1516,26 +2304,38 @@ pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringScheduling pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -1543,10 +2343,24 @@ pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringScheduling /// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -1557,7 +2371,8 @@ pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringScheduling /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -1567,13 +2382,24 @@ pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringScheduling /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1584,59 +2410,93 @@ pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringScheduling /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1647,42 +2507,60 @@ pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingI /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -1690,10 +2568,24 @@ pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingI /// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -1704,7 +2596,8 @@ pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedu /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -1714,13 +2607,24 @@ pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedu /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1731,59 +2635,93 @@ pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedu /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1794,62 +2732,90 @@ pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedul /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSchedulingOptionsTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -1863,53 +2829,101 @@ pub struct CryostatSecurityOptions { /// Security Context to apply to the JFR Data Source container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceSecurityContext")] pub data_source_security_context: Option, + /// Security Context to apply to the storage container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseSecurityContext")] + pub database_security_context: Option, /// Security Context to apply to the Grafana container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaSecurityContext")] pub grafana_security_context: Option, /// Security Context to apply to the Cryostat pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurityContext")] pub pod_security_context: Option, + /// Security Context to apply to the storage container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageSecurityContext")] + pub storage_security_context: Option, } /// Security Context to apply to the Cryostat application container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsCoreSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsCoreSecurityContextCapabilities { /// Added capabilities @@ -1920,7 +2934,11 @@ pub struct CryostatSecurityOptionsCoreSecurityContextCapabilities { pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsCoreSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1937,31 +2955,53 @@ pub struct CryostatSecurityOptionsCoreSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsCoreSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsCoreSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -1969,42 +3009,84 @@ pub struct CryostatSecurityOptionsCoreSecurityContextWindowsOptions { /// Security Context to apply to the JFR Data Source container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsDataSourceSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsDataSourceSecurityContextCapabilities { /// Added capabilities @@ -2015,7 +3097,11 @@ pub struct CryostatSecurityOptionsDataSourceSecurityContextCapabilities { pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsDataSourceSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -2032,31 +3118,216 @@ pub struct CryostatSecurityOptionsDataSourceSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsDataSourceSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsDataSourceSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the storage container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -2064,42 +3335,84 @@ pub struct CryostatSecurityOptionsDataSourceSecurityContextWindowsOptions { /// Security Context to apply to the Grafana container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsGrafanaSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsGrafanaSecurityContextCapabilities { /// Added capabilities @@ -2110,7 +3423,11 @@ pub struct CryostatSecurityOptionsGrafanaSecurityContextCapabilities { pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsGrafanaSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -2127,31 +3444,53 @@ pub struct CryostatSecurityOptionsGrafanaSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsGrafanaSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsGrafanaSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -2159,41 +3498,93 @@ pub struct CryostatSecurityOptionsGrafanaSecurityContextWindowsOptions { /// Security Context to apply to the Cryostat pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsPodSecurityContext { - /// A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - /// 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - /// If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, - /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] pub fs_group_change_policy: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, - /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, - /// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsPodSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -2210,14 +3601,23 @@ pub struct CryostatSecurityOptionsPodSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsPodSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } @@ -2231,19 +3631,193 @@ pub struct CryostatSecurityOptionsPodSecurityContextSysctls { pub value: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatSecurityOptionsPodSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the storage container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -2257,9 +3831,12 @@ pub struct CryostatServiceOptions { /// Specification for the service responsible for the Cryostat Grafana dashboard. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaConfig")] pub grafana_config: Option, - /// Specification for the service responsible for the cryostat-reports sidecars. + /// Specification for the service responsible for the Cryostat reports sidecars. #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportsConfig")] pub reports_config: Option, + /// Specification for the service responsible for the Cryostat storage container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageConfig")] + pub storage_config: Option, } /// Specification for the service responsible for the Cryostat application. @@ -2268,13 +3845,17 @@ pub struct CryostatServiceOptionsCoreConfig { /// Annotations to add to the service during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// HTTP port number for the Cryostat application service. Defaults to 8181. + /// HTTP port number for the Cryostat application service. + /// Defaults to 8181. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] pub http_port: Option, - /// Remote JMX port number for the Cryostat application service. Defaults to 9091. + /// Remote JMX port number for the Cryostat application service. + /// Defaults to 9091. #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmxPort")] pub jmx_port: Option, - /// Labels to add to the service during its creation. The labels with keys "app" and "component" are reserved for use by the operator. + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, /// Type of service to create. Defaults to "ClusterIP". @@ -2288,10 +3869,13 @@ pub struct CryostatServiceOptionsGrafanaConfig { /// Annotations to add to the service during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// HTTP port number for the Grafana dashboard service. Defaults to 3000. + /// HTTP port number for the Grafana dashboard service. + /// Defaults to 3000. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] pub http_port: Option, - /// Labels to add to the service during its creation. The labels with keys "app" and "component" are reserved for use by the operator. + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, /// Type of service to create. Defaults to "ClusterIP". @@ -2299,16 +3883,39 @@ pub struct CryostatServiceOptionsGrafanaConfig { pub service_type: Option, } -/// Specification for the service responsible for the cryostat-reports sidecars. +/// Specification for the service responsible for the Cryostat reports sidecars. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatServiceOptionsReportsConfig { /// Annotations to add to the service during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// HTTP port number for the cryostat-reports service. Defaults to 10000. + /// HTTP port number for the cryostat-reports service. + /// Defaults to 10000. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] + pub http_port: Option, + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Type of service to create. Defaults to "ClusterIP". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, +} + +/// Specification for the service responsible for the Cryostat storage container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatServiceOptionsStorageConfig { + /// Annotations to add to the service during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// HTTP port number for the cryostat storage service. + /// Defaults to 8333 #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] pub http_port: Option, - /// Labels to add to the service during its creation. The labels with keys "app" and "component" are reserved for use by the operator. + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, /// Type of service to create. Defaults to "ClusterIP". @@ -2319,21 +3926,26 @@ pub struct CryostatServiceOptionsReportsConfig { /// Options to customize the storage for Flight Recordings and Templates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptions { - /// Configuration for an EmptyDir to be created by the operator instead of a PVC. + /// Configuration for an EmptyDir to be created + /// by the operator instead of a PVC. #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// Configuration for the Persistent Volume Claim to be created by the operator. + /// Configuration for the Persistent Volume Claim to be created + /// by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub pvc: Option, } -/// Configuration for an EmptyDir to be created by the operator instead of a PVC. +/// Configuration for an EmptyDir to be created +/// by the operator instead of a PVC. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsEmptyDir { /// When enabled, Cryostat will use EmptyDir volumes instead of a Persistent Volume Claim. Any PVC configurations will be ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// Unless specified, the emptyDir volume will be mounted on the same storage medium backing the node. Setting this field to "Memory" will mount the emptyDir on a tmpfs (RAM-backed filesystem). + /// Unless specified, the emptyDir volume will be mounted on + /// the same storage medium backing the node. Setting this field to + /// "Memory" will mount the emptyDir on a tmpfs (RAM-backed filesystem). #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, /// The maximum memory limit for the emptyDir. Default is unbounded. @@ -2341,42 +3953,88 @@ pub struct CryostatStorageOptionsEmptyDir { pub size_limit: Option, } -/// Configuration for the Persistent Volume Claim to be created by the operator. +/// Configuration for the Persistent Volume Claim to be created +/// by the operator. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvc { /// Annotations to add to the Persistent Volume Claim during its creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Labels to add to the Persistent Volume Claim during its creation. The label with key "app" is reserved for use by the operator. + /// Labels to add to the Persistent Volume Claim during its creation. + /// The label with key "app" is reserved for use by the operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, - /// Spec for a Persistent Volume Claim, whose options will override the defaults used by the operator. Unless overriden, the PVC will be created with the default Storage Class and 500MiB of storage. Once the operator has created the PVC, changes to this field have no effect. + /// Spec for a Persistent Volume Claim, whose options will override the + /// defaults used by the operator. Unless overriden, the PVC will be + /// created with the default Storage Class and 500MiB of storage. + /// Once the operator has created the PVC, changes to this field have + /// no effect. #[serde(default, skip_serializing_if = "Option::is_none")] pub spec: Option, } -/// Spec for a Persistent Volume Claim, whose options will override the defaults used by the operator. Unless overriden, the PVC will be created with the default Storage Class and 500MiB of storage. Once the operator has created the PVC, changes to this field have no effect. +/// Spec for a Persistent Volume Claim, whose options will override the +/// defaults used by the operator. Unless overriden, the PVC will be +/// created with the default Storage Class and 500MiB of storage. +/// Once the operator has created the PVC, changes to this field have +/// no effect. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpec { - /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, /// volumeName is the binding reference to the PersistentVolume backing this claim. @@ -2384,10 +4042,19 @@ pub struct CryostatStorageOptionsPvcSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpecDataSource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -2396,33 +4063,73 @@ pub struct CryostatStorageOptionsPvcSpecDataSource { pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced pub kind: String, /// Name is the name of resource being referenced pub name: String, - /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - /// This field is immutable. It can only be set for containers. + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -2430,7 +4137,9 @@ pub struct CryostatStorageOptionsPvcSpecResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, } @@ -2440,19 +4149,26 @@ pub struct CryostatStorageOptionsPvcSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CryostatStorageOptionsPvcSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } diff --git a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs new file mode 100644 index 000000000..b73b40c34 --- /dev/null +++ b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs @@ -0,0 +1,3954 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// CryostatSpec defines the desired state of Cryostat. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "operator.cryostat.io", version = "v1beta2", kind = "Cryostat", plural = "cryostats")] +#[kube(namespaced)] +#[kube(status = "CryostatStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct CryostatSpec { + /// Additional configuration options for the authorization proxy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationOptions")] + pub authorization_options: Option, + /// Options to configure the Cryostat application's database. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseOptions")] + pub database_options: Option, + /// Use cert-manager to secure in-cluster communication between Cryostat components. + /// Requires cert-manager to be installed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCertManager")] + pub enable_cert_manager: Option, + /// List of Flight Recorder Event Templates to preconfigure in Cryostat. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventTemplates")] + pub event_templates: Option>, + /// Options to control how the operator exposes the application outside of the cluster, + /// such as using an Ingress or Route. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkOptions")] + pub network_options: Option, + /// Options to configure the Cryostat deployments and pods metadata + #[serde(default, skip_serializing_if = "Option::is_none", rename = "operandMetadata")] + pub operand_metadata: Option, + /// Options to configure Cryostat Automated Report Analysis. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportOptions")] + pub report_options: Option, + /// Resource requirements for the Cryostat deployment. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Options to configure scheduling for the Cryostat deployment + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingOptions")] + pub scheduling_options: Option, + /// Options to configure the Security Contexts for the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityOptions")] + pub security_options: Option, + /// Options to customize the services created for the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceOptions")] + pub service_options: Option, + /// Options to customize the storage provisioned for the database and object storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageOptions")] + pub storage_options: Option, + /// Options to customize the target connections cache for the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetConnectionCacheOptions")] + pub target_connection_cache_options: Option, + /// Options to configure the Cryostat application's target discovery mechanisms. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetDiscoveryOptions")] + pub target_discovery_options: Option, + /// List of namespaces whose workloads Cryostat should be + /// permitted to access and profile. Defaults to this Cryostat's namespace. + /// Warning: All Cryostat users will be able to create and manage + /// recordings for workloads in the listed namespaces. + /// More details: https://github.com/cryostatio/cryostat-operator/blob/v2.4.0/docs/multi-namespace.md#data-isolation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetNamespaces")] + pub target_namespaces: Option>, + /// List of TLS certificates to trust when connecting to targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "trustedCertSecrets")] + pub trusted_cert_secrets: Option>, +} + +/// Additional configuration options for the authorization proxy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatAuthorizationOptions { + /// Reference to a secret and file name containing the Basic authentication htpasswd file. If deploying on OpenShift this + /// defines additional user accounts that can access the Cryostat application, on top of the OpenShift user accounts which + /// pass the OpenShift SSO Roles checks. If not on OpenShift then this defines the only user accounts that have access. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, + /// Configuration for OpenShift RBAC to define which OpenShift user accounts may access the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "openShiftSSO")] + pub open_shift_sso: Option, +} + +/// Reference to a secret and file name containing the Basic authentication htpasswd file. If deploying on OpenShift this +/// defines additional user accounts that can access the Cryostat application, on top of the OpenShift user accounts which +/// pass the OpenShift SSO Roles checks. If not on OpenShift then this defines the only user accounts that have access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatAuthorizationOptionsBasicAuth { + /// Name of the file within the secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filename: Option, + /// Name of the secret to reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +/// Configuration for OpenShift RBAC to define which OpenShift user accounts may access the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatAuthorizationOptionsOpenShiftSso { + /// The SubjectAccessReview or TokenAccessReview that all clients (users visiting the application via web browser as well + /// as CLI utilities and other programs presenting Bearer auth tokens) must pass in order to access the application. + /// If not specified, the default role required is "create pods/exec" in the Cryostat application's installation namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessReview")] + pub access_review: Option, + /// Disable OpenShift SSO integration and allow all users to access the application without authentication. This + /// will also bypass the BasicAuth, if specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub disable: Option, +} + +/// The SubjectAccessReview or TokenAccessReview that all clients (users visiting the application via web browser as well +/// as CLI utilities and other programs presenting Bearer auth tokens) must pass in order to access the application. +/// If not specified, the default role required is "create pods/exec" in the Cryostat application's installation namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatAuthorizationOptionsOpenShiftSsoAccessReview { + /// Group is the API Group of the Resource. "*" means all. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + /// "" (empty) is defaulted for LocalSubjectAccessReviews + /// "" (empty) is empty for cluster-scoped resources + /// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource is one of the existing resource types. "*" means all. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource is one of the existing resource types. "" means none. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, + /// Version is the API Version of the Resource. "*" means all. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub version: Option, +} + +/// Options to configure the Cryostat application's database. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatDatabaseOptions { + /// Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the + /// database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data + /// stored within the database, such as the target credentials keyring. This field cannot be updated. + /// It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. + /// More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +/// A ConfigMap containing a .jfc template file. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatEventTemplates { + /// Name of config map in the local namespace. + #[serde(rename = "configMapName")] + pub config_map_name: String, + /// Filename within config map containing the template file. + pub filename: String, +} + +/// Options to control how the operator exposes the application outside of the cluster, +/// such as using an Ingress or Route. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptions { + /// Specifications for how to expose the Cryostat service, + /// which serves the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "coreConfig")] + pub core_config: Option, +} + +/// Specifications for how to expose the Cryostat service, +/// which serves the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfig { + /// Annotations to add to the Ingress or Route during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Configuration for an Ingress object. + /// Currently subpaths are not supported, so unique hosts must be specified + /// (if a single external IP is being used) to differentiate between ingresses/services. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressSpec")] + pub ingress_spec: Option, + /// Labels to add to the Ingress or Route during its creation. + /// The label with key "app" is reserved for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, +} + +/// Configuration for an Ingress object. +/// Currently subpaths are not supported, so unique hosts must be specified +/// (if a single external IP is being used) to differentiate between ingresses/services. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpec { + /// defaultBackend is the backend that should handle requests that don't + /// match any rule. If Rules are not specified, DefaultBackend must be specified. + /// If DefaultBackend is not set, the handling of requests that do not match any + /// of the rules will be up to the Ingress controller. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultBackend")] + pub default_backend: Option, + /// ingressClassName is the name of an IngressClass cluster resource. Ingress + /// controller implementations use this field to know whether they should be + /// serving this Ingress resource, by a transitive connection + /// (controller -> IngressClass -> Ingress resource). Although the + /// `kubernetes.io/ingress.class` annotation (simple constant name) was never + /// formally defined, it was widely supported by Ingress controllers to create + /// a direct binding between Ingress controller and Ingress resources. Newly + /// created Ingress resources should prefer using the field. However, even + /// though the annotation is officially deprecated, for backwards compatibility + /// reasons, ingress controllers should still honor that annotation if present. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] + pub ingress_class_name: Option, + /// rules is a list of host rules used to configure the Ingress. If unspecified, + /// or no rule matches, all traffic is sent to the default backend. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option>, + /// tls represents the TLS configuration. Currently the Ingress only supports a + /// single TLS port, 443. If multiple members of this list specify different hosts, + /// they will be multiplexed on the same port according to the hostname specified + /// through the SNI TLS extension, if the ingress controller fulfilling the + /// ingress supports SNI. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option>, +} + +/// defaultBackend is the backend that should handle requests that don't +/// match any rule. If Rules are not specified, DefaultBackend must be specified. +/// If DefaultBackend is not set, the handling of requests that do not match any +/// of the rules will be up to the Ingress controller. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackend { + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, +} + +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendResource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendService { + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. + pub name: String, + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, +} + +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecDefaultBackendServicePort { + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub number: Option, +} + +/// IngressRule represents the rules mapping the paths under a specified host to +/// the related backend services. Incoming requests are first evaluated for a host +/// match, then routed to the backend associated with the matching IngressRuleValue. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRules { + /// host is the fully qualified domain name of a network host, as defined by RFC 3986. + /// Note the following deviations from the "host" part of the + /// URI as defined in RFC 3986: + /// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + /// the IP in the Spec of the parent Ingress. + /// 2. The `:` delimiter is not respected because ports are not allowed. + /// Currently the port of an Ingress is implicitly :80 for http and + /// :443 for https. + /// Both these may change in the future. + /// Incoming requests are matched against the host before the + /// IngressRuleValue. If the host is unspecified, the Ingress routes all + /// traffic based on the specified IngressRuleValue. + /// + /// + /// host can be "precise" which is a domain name without the terminating dot of + /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + /// prefixed with a single wildcard label (e.g. "*.foo.com"). + /// The wildcard character '*' must appear by itself as the first DNS label and + /// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + /// Requests will be matched against the Host field in the following way: + /// 1. If host is precise, the request matches this rule if the http host header is equal to Host. + /// 2. If host is a wildcard, then the request matches this rule if the http host header + /// is to equal to the suffix (removing the first label) of the wildcard rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// HTTPIngressRuleValue is a list of http selectors pointing to backends. + /// In the example: http:///? -> backend where + /// where parts of the url correspond to RFC 3986, this resource will be used + /// to match against everything after the last '/' and before the first '?' + /// or '#'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, +} + +/// HTTPIngressRuleValue is a list of http selectors pointing to backends. +/// In the example: http:///? -> backend where +/// where parts of the url correspond to RFC 3986, this resource will be used +/// to match against everything after the last '/' and before the first '?' +/// or '#'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttp { + /// paths is a collection of paths that map requests to backends. + pub paths: Vec, +} + +/// HTTPIngressPath associates a path with a backend. Incoming urls matching the +/// path are forwarded to the backend. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPaths { + /// backend defines the referenced service endpoint to which the traffic + /// will be forwarded to. + pub backend: CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackend, + /// path is matched against the path of an incoming request. Currently it can + /// contain characters disallowed from the conventional "path" part of a URL + /// as defined by RFC 3986. Paths must begin with a '/' and must be present + /// when using PathType with value "Exact" or "Prefix". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// pathType determines the interpretation of the path matching. PathType can + /// be one of the following values: + /// * Exact: Matches the URL path exactly. + /// * Prefix: Matches based on a URL path prefix split by '/'. Matching is + /// done on a path element by element basis. A path element refers is the + /// list of labels in the path split by the '/' separator. A request is a + /// match for path p if every p is an element-wise prefix of p of the + /// request path. Note that if the last element of the path is a substring + /// of the last element in request path, it is not a match (e.g. /foo/bar + /// matches /foo/bar/baz, but does not match /foo/barbaz). + /// * ImplementationSpecific: Interpretation of the Path matching is up to + /// the IngressClass. Implementations can treat this as a separate PathType + /// or treat it identically to Prefix or Exact path types. + /// Implementations are required to support all path types. + #[serde(rename = "pathType")] + pub path_type: String, +} + +/// backend defines the referenced service endpoint to which the traffic +/// will be forwarded to. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackend { + /// resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// service references a service as a backend. + /// This is a mutually exclusive setting with "Resource". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, +} + +/// resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendResource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// service references a service as a backend. +/// This is a mutually exclusive setting with "Resource". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendService { + /// name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. + pub name: String, + /// port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, +} + +/// port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecRulesHttpPathsBackendServicePort { + /// name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub number: Option, +} + +/// IngressTLS describes the transport layer security associated with an ingress. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatNetworkOptionsCoreConfigIngressSpecTls { + /// hosts is a list of hosts included in the TLS certificate. The values in + /// this list must match the name/s used in the tlsSecret. Defaults to the + /// wildcard host setting for the loadbalancer controller fulfilling this + /// Ingress, if left unspecified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hosts: Option>, + /// secretName is the name of the secret used to terminate TLS traffic on + /// port 443. Field is left optional to allow TLS routing based on SNI + /// hostname alone. If the SNI host in a listener conflicts with the "Host" + /// header field used by an IngressRule, the SNI host is used for termination + /// and value of the "Host" header is used for routing. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +/// Options to configure the Cryostat deployments and pods metadata +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatOperandMetadata { + /// Options to configure the Cryostat deployments metadata + #[serde(default, skip_serializing_if = "Option::is_none", rename = "deploymentMetadata")] + pub deployment_metadata: Option, + /// Options to configure the Cryostat pods metadata + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podMetadata")] + pub pod_metadata: Option, +} + +/// Options to configure the Cryostat deployments metadata +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatOperandMetadataDeploymentMetadata { + /// Annotations to add to the resources during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels to add to the resources during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, +} + +/// Options to configure the Cryostat pods metadata +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatOperandMetadataPodMetadata { + /// Annotations to add to the resources during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels to add to the resources during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, +} + +/// Options to configure Cryostat Automated Report Analysis. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptions { + /// The number of report sidecar replica containers to deploy. + /// Each replica can service one report generation request at a time. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replicas: Option, + /// The resources allocated to each sidecar replica. + /// A replica with more resources can handle larger input recordings and will process them faster. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Options to configure scheduling for the reports deployment + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingOptions")] + pub scheduling_options: Option, + /// Options to configure the Security Contexts for the Cryostat report generator. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityOptions")] + pub security_options: Option, + /// When zero report sidecar replicas are requested, SubProcessMaxHeapSize configures + /// the maximum heap size of the basic subprocess report generator in MiB. + /// The default heap size is `200` (MiB). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subProcessMaxHeapSize")] + pub sub_process_max_heap_size: Option, +} + +/// The resources allocated to each sidecar replica. +/// A replica with more resources can handle larger input recordings and will process them faster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Options to configure scheduling for the reports deployment +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptions { + /// Affinity rules for scheduling Cryostat pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// Label selector used to schedule a Cryostat pod to a node. See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, +} + +/// Affinity rules for scheduling Cryostat pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinity { + /// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSchedulingOptionsTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Options to configure the Security Contexts for the Cryostat report generator. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptions { + /// Security Context to apply to the Cryostat report generator pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurityContext")] + pub pod_security_context: Option, + /// Security Context to apply to the Cryostat report generator container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportsSecurityContext")] + pub reports_security_context: Option, +} + +/// Security Context to apply to the Cryostat report generator pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsPodSecurityContext { + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] + pub fs_group: Option, + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] + pub fs_group_change_policy: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] + pub supplemental_groups: Option>, + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sysctls: Option>, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// Sysctl defines a kernel parameter to be set +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextSysctls { + /// Name of a property to set + pub name: String, + /// Value of a property to set + pub value: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsPodSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the Cryostat report generator container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatReportOptionsSecurityOptionsReportsSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Resource requirements for the Cryostat deployment. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResources { + /// Resource requirements for the auth proxy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authProxyResources")] + pub auth_proxy_resources: Option, + /// Resource requirements for the Cryostat application. If specifying a memory limit, at least 384MiB is recommended. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "coreResources")] + pub core_resources: Option, + /// Resource requirements for the JFR Data Source container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceResources")] + pub data_source_resources: Option, + /// Resource requirements for the database container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseResources")] + pub database_resources: Option, + /// Resource requirements for the Grafana container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaResources")] + pub grafana_resources: Option, + /// Resource requirements for the object storage container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageResources")] + pub object_storage_resources: Option, +} + +/// Resource requirements for the auth proxy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesAuthProxyResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesAuthProxyResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Resource requirements for the Cryostat application. If specifying a memory limit, at least 384MiB is recommended. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesCoreResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesCoreResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Resource requirements for the JFR Data Source container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesDataSourceResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesDataSourceResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Resource requirements for the database container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesDatabaseResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesDatabaseResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Resource requirements for the Grafana container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesGrafanaResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesGrafanaResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Resource requirements for the object storage container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesObjectStorageResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatResourcesObjectStorageResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Options to configure scheduling for the Cryostat deployment +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptions { + /// Affinity rules for scheduling Cryostat pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// Label selector used to schedule a Cryostat pod to a node. See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// Tolerations to allow scheduling of Cryostat pods to tainted nodes. See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, +} + +/// Affinity rules for scheduling Cryostat pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinity { + /// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Node affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Pod affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Pod anti-affinity scheduling rules for a Cryostat pod. See: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodAntiAffinity +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSchedulingOptionsTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Options to configure the Security Contexts for the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptions { + /// Security Context to apply to the auth proxy container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authProxySecurityContext")] + pub auth_proxy_security_context: Option, + /// Security Context to apply to the Cryostat application container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "coreSecurityContext")] + pub core_security_context: Option, + /// Security Context to apply to the JFR Data Source container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceSecurityContext")] + pub data_source_security_context: Option, + /// Security Context to apply to the database container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseSecurityContext")] + pub database_security_context: Option, + /// Security Context to apply to the Grafana container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaSecurityContext")] + pub grafana_security_context: Option, + /// Security Context to apply to the Cryostat pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurityContext")] + pub pod_security_context: Option, + /// Security Context to apply to the storage container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageSecurityContext")] + pub storage_security_context: Option, +} + +/// Security Context to apply to the auth proxy container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsAuthProxySecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsAuthProxySecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsAuthProxySecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsAuthProxySecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsAuthProxySecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the Cryostat application container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsCoreSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsCoreSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsCoreSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsCoreSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsCoreSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the JFR Data Source container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDataSourceSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDataSourceSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDataSourceSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDataSourceSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDataSourceSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the database container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsDatabaseSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the Grafana container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsGrafanaSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsGrafanaSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsGrafanaSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsGrafanaSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsGrafanaSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the Cryostat pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsPodSecurityContext { + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] + pub fs_group: Option, + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] + pub fs_group_change_policy: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] + pub supplemental_groups: Option>, + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sysctls: Option>, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsPodSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsPodSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// Sysctl defines a kernel parameter to be set +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsPodSecurityContextSysctls { + /// Name of a property to set + pub name: String, + /// Value of a property to set + pub value: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsPodSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Security Context to apply to the storage container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContext { + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] + pub allow_privilege_escalation: Option, + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub capabilities: Option, + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privileged: Option, + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] + pub proc_mount: Option, + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] + pub read_only_root_filesystem: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextCapabilities { + /// Added capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub add: Option>, + /// Removed capabilities + #[serde(default, skip_serializing_if = "Option::is_none")] + pub drop: Option>, +} + +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatSecurityOptionsStorageSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// Options to customize the services created for the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatServiceOptions { + /// Specification for the service responsible for the Cryostat application. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "coreConfig")] + pub core_config: Option, + /// Specification for the service responsible for the cryostat-reports sidecars. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportsConfig")] + pub reports_config: Option, +} + +/// Specification for the service responsible for the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatServiceOptionsCoreConfig { + /// Annotations to add to the service during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// HTTP port number for the Cryostat application service. + /// Defaults to 8181. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] + pub http_port: Option, + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Type of service to create. Defaults to "ClusterIP". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, +} + +/// Specification for the service responsible for the cryostat-reports sidecars. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatServiceOptionsReportsConfig { + /// Annotations to add to the service during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// HTTP port number for the cryostat-reports service. + /// Defaults to 10000. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpPort")] + pub http_port: Option, + /// Labels to add to the service during its creation. + /// The labels with keys "app" and "component" are reserved + /// for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Type of service to create. Defaults to "ClusterIP". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, +} + +/// Options to customize the storage provisioned for the database and object storage. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptions { + /// Configuration for an EmptyDir to be created + /// by the operator instead of a PVC. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Configuration for the Persistent Volume Claim to be created + /// by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pvc: Option, +} + +/// Configuration for an EmptyDir to be created +/// by the operator instead of a PVC. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsEmptyDir { + /// When enabled, Cryostat will use EmptyDir volumes instead of a Persistent Volume Claim. Any PVC configurations will be ignored. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Unless specified, the emptyDir volume will be mounted on + /// the same storage medium backing the node. Setting this field to + /// "Memory" will mount the emptyDir on a tmpfs (RAM-backed filesystem). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + /// The maximum memory limit for the emptyDir. Default is unbounded. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +/// Configuration for the Persistent Volume Claim to be created +/// by the operator. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvc { + /// Annotations to add to the Persistent Volume Claim during its creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels to add to the Persistent Volume Claim during its creation. + /// The label with key "app" is reserved for use by the operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Spec for a Persistent Volume Claim, whose options will override the + /// defaults used by the operator. Unless overriden, the PVC will be + /// created with the default Storage Class and 500MiB of storage. + /// Once the operator has created the PVC, changes to this field have + /// no effect. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Spec for a Persistent Volume Claim, whose options will override the +/// defaults used by the operator. Unless overriden, the PVC will be +/// created with the default Storage Class and 500MiB of storage. +/// Once the operator has created the PVC, changes to this field have +/// no effect. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpec { + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// selector is a label query over volumes to consider for binding. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, +} + +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecDataSource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// selector is a label query over volumes to consider for binding. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStorageOptionsPvcSpecSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Options to customize the target connections cache for the Cryostat application. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatTargetConnectionCacheOptions { + /// The maximum number of target connections to cache. Use `-1` for an unlimited cache size (TTL expiration only). Defaults to `-1`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCacheSize")] + pub target_cache_size: Option, + /// The time to live (in seconds) for cached target connections. Defaults to `10`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCacheTTL")] + pub target_cache_ttl: Option, +} + +/// Options to configure the Cryostat application's target discovery mechanisms. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatTargetDiscoveryOptions { + /// When true, the Cryostat application will disable the built-in discovery mechanisms. Defaults to false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableBuiltInDiscovery")] + pub disable_built_in_discovery: Option, + /// When false and discoveryPortNames is empty, the Cryostat application will use the default port name jfr-jmx to look for JMX connectable targets. Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableBuiltInPortNames")] + pub disable_built_in_port_names: Option, + /// When false and discoveryPortNumbers is empty, the Cryostat application will use the default port number 9091 to look for JMX connectable targets. Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableBuiltInPortNumbers")] + pub disable_built_in_port_numbers: Option, + /// List of port names that the Cryostat application should look for in order to consider a target as JMX connectable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "discoveryPortNames")] + pub discovery_port_names: Option>, + /// List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "discoveryPortNumbers")] + pub discovery_port_numbers: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatTrustedCertSecrets { + /// Key within secret containing the certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateKey")] + pub certificate_key: Option, + /// Name of secret in the local namespace. + #[serde(rename = "secretName")] + pub secret_name: String, +} + +/// CryostatStatus defines the observed state of Cryostat. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CryostatStatus { + /// Address of the deployed Cryostat web application. + #[serde(rename = "applicationUrl")] + pub application_url: String, + /// Conditions of the components managed by the Cryostat Operator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// Name of the Secret containing the Cryostat database connection and encryption keys. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseSecret")] + pub database_secret: Option, + /// Name of the Secret containing the Cryostat storage connection key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageSecret")] + pub storage_secret: Option, + /// List of namespaces that Cryostat has been configured + /// and authorized to access and profile. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetNamespaces")] + pub target_namespaces: Option>, +} + diff --git a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/mod.rs b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/mod.rs new file mode 100644 index 000000000..87cc289ec --- /dev/null +++ b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/mod.rs @@ -0,0 +1 @@ +pub mod cryostats; diff --git a/kube-custom-resources-rs/src/operator_open_cluster_management_io/v1/klusterlets.rs b/kube-custom-resources-rs/src/operator_open_cluster_management_io/v1/klusterlets.rs index 305c43cef..d795e8213 100644 --- a/kube-custom-resources-rs/src/operator_open_cluster_management_io/v1/klusterlets.rs +++ b/kube-custom-resources-rs/src/operator_open_cluster_management_io/v1/klusterlets.rs @@ -164,9 +164,16 @@ pub struct KlusterletRegistrationConfigurationBootstrapKubeConfigsLocalSecretsCo /// HubConnectionTimeoutSeconds is used to set the timeout of connecting to the hub cluster. When agent loses the connection to the hub over the timeout seconds, the agent do a rebootstrap. By default is 10 mins. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hubConnectionTimeoutSeconds")] pub hub_connection_timeout_seconds: Option, - /// SecretNames is a list of secret names. The secrets are in the same namespace where the agent controller runs. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretNames")] - pub secret_names: Option>, + /// KubeConfigSecrets is a list of secret names. The secrets are in the same namespace where the agent controller runs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeConfigSecrets")] + pub kube_config_secrets: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KlusterletRegistrationConfigurationBootstrapKubeConfigsLocalSecretsConfigKubeConfigSecrets { + /// Name is the name of the secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BootstrapKubeConfigs defines the ordered list of bootstrap kubeconfigs. The order decides which bootstrap kubeconfig to use first when rebootstrap. diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmalertmanagerconfigs.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmalertmanagerconfigs.rs index b54fdf3f5..1ad13db18 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmalertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmalertmanagerconfigs.rs @@ -82,7 +82,7 @@ pub struct VMAlertmanagerConfigMuteTimeIntervalsTimeIntervals { /// Location in golang time location form, e.g. UTC #[serde(default, skip_serializing_if = "Option::is_none")] pub location: Option, - /// Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. + /// Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1. /// For example, ['1:3', 'may:august', 'december'] #[serde(default, skip_serializing_if = "Option::is_none")] pub months: Option>, @@ -2507,7 +2507,7 @@ pub struct VMAlertmanagerConfigTimeIntervalsTimeIntervals { /// Location in golang time location form, e.g. UTC #[serde(default, skip_serializing_if = "Option::is_none")] pub location: Option, - /// Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. + /// Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1. /// For example, ['1:3', 'may:august', 'december'] #[serde(default, skip_serializing_if = "Option::is_none")] pub months: Option>, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs index 376fbcb64..6d176ec4c 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs @@ -96,7 +96,7 @@ pub struct VMNodeScrapeSpec { /// TLSConfig specifies TLSConfig configuration parameters. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, - /// VMScrapeParams defines VictoriaMetrics specific scrape parametrs + /// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[serde(default, skip_serializing_if = "Option::is_none")] pub vm_scrape_params: Option, } @@ -552,7 +552,7 @@ pub struct VMNodeScrapeTlsConfigKeySecret { pub optional: Option, } -/// VMScrapeParams defines VictoriaMetrics specific scrape parametrs +/// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VMNodeScrapeVmScrapeParams { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs index 89b8ab57e..a26a4d5c3 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs @@ -150,7 +150,7 @@ pub struct VMPodScrapePodMetricsEndpoints { /// TLSConfig configuration to use when scraping the endpoint #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, - /// VMScrapeParams defines VictoriaMetrics specific scrape parametrs + /// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[serde(default, skip_serializing_if = "Option::is_none")] pub vm_scrape_params: Option, } @@ -585,7 +585,7 @@ pub struct VMPodScrapePodMetricsEndpointsTlsConfigKeySecret { pub optional: Option, } -/// VMScrapeParams defines VictoriaMetrics specific scrape parametrs +/// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VMPodScrapePodMetricsEndpointsVmScrapeParams { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs index 1d9b9758c..2109a45dc 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs @@ -81,7 +81,7 @@ pub struct VMProbeSpec { /// The prober.URL parameter is required. Targets cannot be probed if left empty. #[serde(rename = "vmProberSpec")] pub vm_prober_spec: VMProbeVmProberSpec, - /// VMScrapeParams defines VictoriaMetrics specific scrape parametrs + /// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[serde(default, skip_serializing_if = "Option::is_none")] pub vm_scrape_params: Option, } @@ -607,7 +607,7 @@ pub enum VMProbeVmProberSpecScheme { Https, } -/// VMScrapeParams defines VictoriaMetrics specific scrape parametrs +/// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VMProbeVmScrapeParams { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs index 41bf0aed0..2a2f3c9bf 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs @@ -153,7 +153,7 @@ pub struct VMServiceScrapeEndpoints { /// TLSConfig configuration to use when scraping the endpoint #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, - /// VMScrapeParams defines VictoriaMetrics specific scrape parametrs + /// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[serde(default, skip_serializing_if = "Option::is_none")] pub vm_scrape_params: Option, } @@ -588,7 +588,7 @@ pub struct VMServiceScrapeEndpointsTlsConfigKeySecret { pub optional: Option, } -/// VMScrapeParams defines VictoriaMetrics specific scrape parametrs +/// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VMServiceScrapeEndpointsVmScrapeParams { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs index f690c6843..56b3d9096 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs @@ -110,7 +110,7 @@ pub struct VMStaticScrapeTargetEndpoints { /// TLSConfig configuration to use when scraping the endpoint #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, - /// VMScrapeParams defines VictoriaMetrics specific scrape parametrs + /// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[serde(default, skip_serializing_if = "Option::is_none")] pub vm_scrape_params: Option, } @@ -536,7 +536,7 @@ pub struct VMStaticScrapeTargetEndpointsTlsConfigKeySecret { pub optional: Option, } -/// VMScrapeParams defines VictoriaMetrics specific scrape parametrs +/// VMScrapeParams defines VictoriaMetrics specific scrape parameters #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VMStaticScrapeTargetEndpointsVmScrapeParams { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/org_eclipse_che/v1/checlusters.rs b/kube-custom-resources-rs/src/org_eclipse_che/v1/checlusters.rs index c010488cd..6cb6d9804 100644 --- a/kube-custom-resources-rs/src/org_eclipse_che/v1/checlusters.rs +++ b/kube-custom-resources-rs/src/org_eclipse_che/v1/checlusters.rs @@ -11,7 +11,11 @@ mod prelude { } use self::prelude::*; -/// Desired configuration of the Che installation. Based on these settings, the Operator automatically creates and maintains several ConfigMaps that will contain the appropriate environment variables the various components of the Che installation. These generated ConfigMaps must NOT be updated manually. +/// Desired configuration of the Che installation. +/// Based on these settings, the Operator automatically creates and maintains +/// several ConfigMaps that will contain the appropriate environment variables +/// the various components of the Che installation. +/// These generated ConfigMaps must NOT be updated manually. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "org.eclipse.che", version = "v1", kind = "CheCluster", plural = "checlusters")] #[kube(namespaced)] @@ -55,16 +59,24 @@ pub struct CheClusterSpec { /// Configuration settings related to the Authentication used by the Che installation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuth { - /// Deprecated. The value of this flag is ignored. Debug internal identity provider. + /// Deprecated. The value of this flag is ignored. + /// Debug internal identity provider. #[serde(default, skip_serializing_if = "Option::is_none")] pub debug: Option, - /// Deprecated. The value of this flag is ignored. Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with: `identityProvider`. + /// Deprecated. The value of this flag is ignored. + /// Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). + /// Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). + /// By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, + /// no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. + /// See also all the other fields starting with: `identityProvider`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIdentityProvider")] pub external_identity_provider: Option, - /// Gateway sidecar responsible for authentication when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. + /// Gateway sidecar responsible for authentication when NativeUserMode is enabled. + /// See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gatewayAuthenticationSidecarImage")] pub gateway_authentication_sidecar_image: Option, - /// Gateway sidecar responsible for authorization when NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] + /// Gateway sidecar responsible for authorization when NativeUserMode is enabled. + /// See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] #[serde(default, skip_serializing_if = "Option::is_none", rename = "gatewayAuthorizationSidecarImage")] pub gateway_authorization_sidecar_image: Option, /// List of environment variables to set in the Configbump container. @@ -82,67 +94,117 @@ pub struct CheClusterAuth { /// List of environment variables to set in the OAuth proxy container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gatewayOAuthProxyEnv")] pub gateway_o_auth_proxy_env: Option>, - /// Deprecated. The value of this flag is ignored. Overrides the name of the Identity Provider administrator user. Defaults to `admin`. + /// Deprecated. The value of this flag is ignored. + /// Overrides the name of the Identity Provider administrator user. Defaults to `admin`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderAdminUserName")] pub identity_provider_admin_user_name: Option, - /// Deprecated. The value of this flag is ignored. Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. + /// Deprecated. The value of this flag is ignored. + /// Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. + /// Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + /// When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderClientId")] pub identity_provider_client_id: Option, - /// Deprecated. The value of this flag is ignored. Identity provider container custom settings. + /// Deprecated. The value of this flag is ignored. + /// Identity provider container custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderContainerResources")] pub identity_provider_container_resources: Option, - /// Deprecated. The value of this flag is ignored. Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Deprecated. The value of this flag is ignored. + /// Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderImage")] pub identity_provider_image: Option, - /// Deprecated. The value of this flag is ignored. Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + /// Deprecated. The value of this flag is ignored. + /// Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. + /// Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderImagePullPolicy")] pub identity_provider_image_pull_policy: Option, - /// Deprecated. The value of this flag is ignored. Ingress custom settings. + /// Deprecated. The value of this flag is ignored. + /// Ingress custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderIngress")] pub identity_provider_ingress: Option, - /// Deprecated. The value of this flag is ignored. Overrides the password of Keycloak administrator user. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. + /// Deprecated. The value of this flag is ignored. + /// Overrides the password of Keycloak administrator user. + /// Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + /// When omitted or left blank, it is set to an auto-generated password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderPassword")] pub identity_provider_password: Option, - /// Deprecated. The value of this flag is ignored. Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. + /// Deprecated. The value of this flag is ignored. + /// Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. + /// Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + /// When omitted or left blank, it is set to an auto-generated password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderPostgresPassword")] pub identity_provider_postgres_password: Option, - /// Deprecated. The value of this flag is ignored. The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// Deprecated. The value of this flag is ignored. + /// The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. + /// When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: + /// 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. + /// 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. + /// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderPostgresSecret")] pub identity_provider_postgres_secret: Option, - /// Deprecated. The value of this flag is ignored. Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field. + /// Deprecated. The value of this flag is ignored. + /// Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. + /// Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + /// When omitted or left blank, it is set to the value of the `flavour` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderRealm")] pub identity_provider_realm: Option, - /// Deprecated. The value of this flag is ignored. Route custom settings. + /// Deprecated. The value of this flag is ignored. + /// Route custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderRoute")] pub identity_provider_route: Option, - /// Deprecated. The value of this flag is ignored. The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// Deprecated. The value of this flag is ignored. + /// The secret that contains `user` and `password` for Identity Provider. + /// When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. + /// When the value is omitted or left blank, the one of following scenarios applies: + /// 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. + /// 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name + /// `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. + /// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderSecret")] pub identity_provider_secret: Option, - /// Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. + /// Public URL of the Identity Provider server (Keycloak / RH-SSO server). + /// Set this ONLY when a use of an external Identity Provider is needed. + /// See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderURL")] pub identity_provider_url: Option, - /// Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. Default value is `id_token`. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + /// Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. + /// Default value is `id_token`. + /// This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityToken")] pub identity_token: Option, - /// Deprecated. The value of this flag is ignored. For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used. If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. If the value is false and the user has already been created, then it will be removed. If value is an empty, then do nothing. The user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator. Note that this solution is Openshift 4 platform-specific. + /// Deprecated. The value of this flag is ignored. + /// For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used. + /// If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. + /// If the value is false and the user has already been created, then it will be removed. + /// If value is an empty, then do nothing. + /// The user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator. + /// Note that this solution is Openshift 4 platform-specific. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialOpenShiftOAuthUser")] pub initial_open_shift_o_auth_user: Option, - /// Deprecated. The value of this flag is ignored. Enables native user mode. Currently works only on OpenShift and DevWorkspace engine. Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak. + /// Deprecated. The value of this flag is ignored. + /// Enables native user mode. Currently works only on OpenShift and DevWorkspace engine. + /// Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nativeUserMode")] pub native_user_mode: Option, /// Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthClientName")] pub o_auth_client_name: Option, - /// Access Token Scope. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + /// Access Token Scope. + /// This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthScope")] pub o_auth_scope: Option, /// Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthSecret")] pub o_auth_secret: Option, - /// Deprecated. The value of this flag is ignored. Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. + /// Deprecated. The value of this flag is ignored. + /// Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. + /// Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, + /// and have their workspaces created under personal OpenShift namespaces. + /// WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. #[serde(default, skip_serializing_if = "Option::is_none", rename = "openShiftoAuth")] pub open_shifto_auth: Option, - /// Deprecated. The value of this flag is ignored. Forces the default `admin` Che user to update password on first login. Defaults to `false`. + /// Deprecated. The value of this flag is ignored. + /// Forces the default `admin` Che user to update password on first login. Defaults to `false`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateAdminPassword")] pub update_admin_password: Option, } @@ -152,7 +214,15 @@ pub struct CheClusterAuth { pub struct CheClusterAuthGatewayConfigBumpEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -166,10 +236,12 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -182,7 +254,9 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFrom { pub struct CheClusterAuthGatewayConfigBumpEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -190,7 +264,8 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayConfigBumpEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -201,7 +276,8 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayConfigBumpEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -219,7 +295,9 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFromResourceFieldRef { pub struct CheClusterAuthGatewayConfigBumpEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -232,7 +310,15 @@ pub struct CheClusterAuthGatewayConfigBumpEnvValueFromSecretKeyRef { pub struct CheClusterAuthGatewayEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -246,10 +332,12 @@ pub struct CheClusterAuthGatewayEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -262,7 +350,9 @@ pub struct CheClusterAuthGatewayEnvValueFrom { pub struct CheClusterAuthGatewayEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -270,7 +360,8 @@ pub struct CheClusterAuthGatewayEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -281,7 +372,8 @@ pub struct CheClusterAuthGatewayEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -299,7 +391,9 @@ pub struct CheClusterAuthGatewayEnvValueFromResourceFieldRef { pub struct CheClusterAuthGatewayEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -312,7 +406,15 @@ pub struct CheClusterAuthGatewayEnvValueFromSecretKeyRef { pub struct CheClusterAuthGatewayKubeRbacProxyEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -326,10 +428,12 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -342,7 +446,9 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFrom { pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -350,7 +456,8 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -361,7 +468,8 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -379,7 +487,9 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromResourceFieldRef { pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -392,7 +502,15 @@ pub struct CheClusterAuthGatewayKubeRbacProxyEnvValueFromSecretKeyRef { pub struct CheClusterAuthGatewayOAuthProxyEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -406,10 +524,12 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -422,7 +542,9 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFrom { pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -430,7 +552,8 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -441,7 +564,8 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -459,7 +583,9 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromResourceFieldRef { pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -467,7 +593,8 @@ pub struct CheClusterAuthGatewayOAuthProxyEnvValueFromSecretKeyRef { pub optional: Option, } -/// Deprecated. The value of this flag is ignored. Identity provider container custom settings. +/// Deprecated. The value of this flag is ignored. +/// Identity provider container custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthIdentityProviderContainerResources { /// Limits describes the maximum amount of compute resources allowed. @@ -500,7 +627,8 @@ pub struct CheClusterAuthIdentityProviderContainerResourcesRequest { pub memory: Option, } -/// Deprecated. The value of this flag is ignored. Ingress custom settings. +/// Deprecated. The value of this flag is ignored. +/// Ingress custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthIdentityProviderIngress { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. @@ -511,13 +639,16 @@ pub struct CheClusterAuthIdentityProviderIngress { pub labels: Option, } -/// Deprecated. The value of this flag is ignored. Route custom settings. +/// Deprecated. The value of this flag is ignored. +/// Route custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterAuthIdentityProviderRoute { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`. + /// Operator uses the domain to generate a hostname for a route. + /// In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + /// The generated host name will follow this pattern: `-.`. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. @@ -542,22 +673,33 @@ pub struct CheClusterDatabase { /// PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresDb")] pub che_postgres_db: Option, - /// PostgreSQL Database host name that the Che server uses to connect to. Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. + /// PostgreSQL Database host name that the Che server uses to connect to. + /// Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. + /// In the default case it will be automatically set by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresHostName")] pub che_postgres_host_name: Option, /// PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresPassword")] pub che_postgres_password: Option, - /// PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. + /// PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. + /// Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresPort")] pub che_postgres_port: Option, - /// The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. + /// When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. + /// When the value is omitted or left blank, the one of following scenarios applies: + /// 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. + /// 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials` + /// will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. + /// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresSecret")] pub che_postgres_secret: Option, /// PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "chePostgresUser")] pub che_postgres_user: Option, - /// Instructs the Operator on whether to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`. + /// Instructs the Operator on whether to deploy a dedicated database. + /// By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the + /// Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDb")] pub external_db: Option, /// List of environment variables to set in the PostgreSQL container. @@ -569,10 +711,12 @@ pub struct CheClusterDatabase { /// Overrides the image pull policy used in the PostgreSQL database deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "postgresImagePullPolicy")] pub postgres_image_pull_policy: Option, - /// Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`. Migrate your PostgreSQL database to switch from one version to another. + /// Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`. + /// Migrate your PostgreSQL database to switch from one version to another. #[serde(default, skip_serializing_if = "Option::is_none", rename = "postgresVersion")] pub postgres_version: Option, - /// Size of the persistent volume claim for database. Defaults to `1Gi`. To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed. + /// Size of the persistent volume claim for database. Defaults to `1Gi`. + /// To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcClaimSize")] pub pvc_claim_size: Option, } @@ -615,7 +759,15 @@ pub struct CheClusterDatabaseChePostgresContainerResourcesRequest { pub struct CheClusterDatabasePostgresEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -629,10 +781,12 @@ pub struct CheClusterDatabasePostgresEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -645,7 +799,9 @@ pub struct CheClusterDatabasePostgresEnvValueFrom { pub struct CheClusterDatabasePostgresEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -653,7 +809,8 @@ pub struct CheClusterDatabasePostgresEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDatabasePostgresEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -664,7 +821,8 @@ pub struct CheClusterDatabasePostgresEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDatabasePostgresEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -682,7 +840,9 @@ pub struct CheClusterDatabasePostgresEnvValueFromResourceFieldRef { pub struct CheClusterDatabasePostgresEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -693,10 +853,13 @@ pub struct CheClusterDatabasePostgresEnvValueFromSecretKeyRef { /// DevWorkspace operator configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevWorkspace { - /// Overrides the container image used in the DevWorkspace controller deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Overrides the container image used in the DevWorkspace controller deployment. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "controllerImage")] pub controller_image: Option, - /// Deploys the DevWorkspace Operator in the cluster. Does nothing when a matching version of the Operator is already installed. Fails when a non-matching version of the Operator is already installed. + /// Deploys the DevWorkspace Operator in the cluster. + /// Does nothing when a matching version of the Operator is already installed. + /// Fails when a non-matching version of the Operator is already installed. pub enable: bool, /// List of environment variables to set in the DevWorkspace container. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -704,10 +867,14 @@ pub struct CheClusterDevWorkspace { /// Maximum number of the running workspaces per user. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runningLimit")] pub running_limit: Option, - /// Idle timeout for workspaces in seconds. This timeout is the duration after which a workspace will be idled if there is no activity. To disable workspace idling due to inactivity, set this value to -1. + /// Idle timeout for workspaces in seconds. + /// This timeout is the duration after which a workspace will be idled if there is no activity. + /// To disable workspace idling due to inactivity, set this value to -1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondsOfInactivityBeforeIdling")] pub seconds_of_inactivity_before_idling: Option, - /// Run timeout for workspaces in seconds. This timeout is the maximum duration a workspace runs. To disable workspace run timeout, set this value to -1. + /// Run timeout for workspaces in seconds. + /// This timeout is the maximum duration a workspace runs. + /// To disable workspace run timeout, set this value to -1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondsOfRunBeforeIdling")] pub seconds_of_run_before_idling: Option, } @@ -717,7 +884,15 @@ pub struct CheClusterDevWorkspace { pub struct CheClusterDevWorkspaceEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -731,10 +906,12 @@ pub struct CheClusterDevWorkspaceEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -747,7 +924,9 @@ pub struct CheClusterDevWorkspaceEnvValueFrom { pub struct CheClusterDevWorkspaceEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -755,7 +934,8 @@ pub struct CheClusterDevWorkspaceEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevWorkspaceEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -766,7 +946,8 @@ pub struct CheClusterDevWorkspaceEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevWorkspaceEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -784,7 +965,9 @@ pub struct CheClusterDevWorkspaceEnvValueFromResourceFieldRef { pub struct CheClusterDevWorkspaceEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -809,10 +992,14 @@ pub struct CheClusterGitServices { /// BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesBitbucket { - /// Bitbucket server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. + /// Bitbucket server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. + /// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. + /// See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + /// and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -820,10 +1007,13 @@ pub struct CheClusterGitServicesBitbucket { /// GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesGithub { - /// GitHub server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + /// GitHub server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + /// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. + /// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -831,10 +1021,13 @@ pub struct CheClusterGitServicesGithub { /// GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesGitlab { - /// GitLab server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + /// GitLab server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + /// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -842,7 +1035,14 @@ pub struct CheClusterGitServicesGitlab { /// Kubernetes Image Puller configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterImagePuller { - /// Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided, it will create a default KubernetesImagePuller object to be managed by the Operator. When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled, regardless of whether a spec is provided. If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and pre-pulled after installation. Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported for pulling commercially-supported images. + /// Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided, + /// it will create a default KubernetesImagePuller object to be managed by the Operator. + /// When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled, + /// regardless of whether a spec is provided. + /// If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and + /// pre-pulled after installation. + /// Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported + /// for pulling commercially-supported images. pub enable: bool, /// A KubernetesImagePullerSpec to configure the image puller in the CheCluster #[serde(default, skip_serializing_if = "Option::is_none")] @@ -883,13 +1083,18 @@ pub struct CheClusterImagePullerSpec { /// Configuration settings specific to Che installations made on upstream Kubernetes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterK8s { - /// Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. + /// Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. + /// NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClass")] pub ingress_class: Option, /// Global ingress domain for a Kubernetes cluster. This MUST be explicitly specified: there are no defaults. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressDomain")] pub ingress_domain: Option, - /// Deprecated. The value of this flag is ignored. Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. + /// Deprecated. The value of this flag is ignored. + /// Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), + /// `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). + /// Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, + /// which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressStrategy")] pub ingress_strategy: Option, /// The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`. @@ -898,10 +1103,15 @@ pub struct CheClusterK8s { /// ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContextRunAsUser")] pub security_context_run_as_user: Option, - /// Deprecated. The value of this flag is ignored. When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. + /// Deprecated. The value of this flag is ignored. + /// When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. + /// The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s + /// or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. + /// All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "singleHostExposureType")] pub single_host_exposure_type: Option, - /// Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. + /// Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. + /// When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsSecretName")] pub tls_secret_name: Option, } @@ -917,40 +1127,57 @@ pub struct CheClusterMetrics { /// General configuration settings related to the Che server, the plugin and devfile registries #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServer { - /// Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment. + /// Optional host name, or URL, to an alternate container registry to pull images from. + /// This value overrides the container registry host name defined in all the default container images involved in a Che deployment. + /// This is particularly useful to install Che in a restricted environment. #[serde(default, skip_serializing_if = "Option::is_none", rename = "airGapContainerRegistryHostname")] pub air_gap_container_registry_hostname: Option, - /// Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Eclipse Che in a restricted environment. + /// Optional repository name of an alternate container registry to pull images from. + /// This value overrides the container registry organization defined in all the default container images involved in a Che deployment. + /// This is particularly useful to install Eclipse Che in a restricted environment. #[serde(default, skip_serializing_if = "Option::is_none", rename = "airGapContainerRegistryOrganization")] pub air_gap_container_registry_organization: Option, - /// Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. + /// Indicates if is allowed to automatically create a user namespace. + /// If it set to false, then user namespace must be pre-created by a cluster administrator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowAutoProvisionUserNamespace")] pub allow_auto_provision_user_namespace: Option, - /// Deprecated. The value of this flag is ignored. Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. + /// Deprecated. The value of this flag is ignored. + /// Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. + /// It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowUserDefinedWorkspaceNamespaces")] pub allow_user_defined_workspace_namespaces: Option, - /// A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. + /// A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. + /// Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheClusterRoles")] pub che_cluster_roles: Option, /// Enables the debug mode for Che server. Defaults to `false`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheDebug")] pub che_debug: Option, - /// Deprecated. The value of this flag is ignored. Specifies a variation of the installation. The options are `che` for upstream Che installations or `devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation + /// Deprecated. The value of this flag is ignored. + /// Specifies a variation of the installation. The options are `che` for upstream Che installations or + /// `devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheFlavor")] pub che_flavor: Option, - /// Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field. + /// Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. + /// See the `cheHostTLSSecret` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheHost")] pub che_host: Option, - /// Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. See the `cheHost` field. + /// Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. + /// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// See the `cheHost` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheHostTLSSecret")] pub che_host_tls_secret: Option, - /// Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Overrides the container image used in Che deployment. This does NOT include the container image tag. + /// Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheImage")] pub che_image: Option, - /// Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + /// Overrides the image pull policy used in Che deployment. + /// Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheImagePullPolicy")] pub che_image_pull_policy: Option, - /// Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the default image tag provided by the Operator. + /// Overrides the tag of the container image used in Che deployment. + /// Omit it or leave it empty to use the default image tag provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheImageTag")] pub che_image_tag: Option, /// Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`. @@ -965,28 +1192,38 @@ pub struct CheClusterServer { /// The Che server route custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheServerRoute")] pub che_server_route: Option, - /// Custom cluster role bound to the user for the Che workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. The default roles are used when omitted or left blank. + /// Custom cluster role bound to the user for the Che workspaces. + /// The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The default roles are used when omitted or left blank. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cheWorkspaceClusterRole")] pub che_workspace_cluster_role: Option, - /// Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, the value defined in the `customCheProperties` is used instead. + /// Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, + /// in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). + /// When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, + /// the value defined in the `customCheProperties` is used instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "customCheProperties")] pub custom_che_properties: Option>, - /// Overrides the CPU limit used in the dashboard deployment. In cores. (500m = .5 cores). Default to 500m. + /// Overrides the CPU limit used in the dashboard deployment. + /// In cores. (500m = .5 cores). Default to 500m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardCpuLimit")] pub dashboard_cpu_limit: Option, - /// Overrides the CPU request used in the dashboard deployment. In cores. (500m = .5 cores). Default to 100m. + /// Overrides the CPU request used in the dashboard deployment. + /// In cores. (500m = .5 cores). Default to 100m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardCpuRequest")] pub dashboard_cpu_request: Option, /// List of environment variables to set in the dashboard container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardEnv")] pub dashboard_env: Option>, - /// Overrides the container image used in the dashboard deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Overrides the container image used in the dashboard deployment. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardImage")] pub dashboard_image: Option, - /// Overrides the image pull policy used in the dashboard deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + /// Overrides the image pull policy used in the dashboard deployment. + /// Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardImagePullPolicy")] pub dashboard_image_pull_policy: Option, - /// Deprecated. The value of this flag is ignored. Dashboard ingress custom settings. + /// Deprecated. The value of this flag is ignored. + /// Dashboard ingress custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardIngress")] pub dashboard_ingress: Option, /// Overrides the memory limit used in the dashboard deployment. Defaults to 256Mi. @@ -995,22 +1232,27 @@ pub struct CheClusterServer { /// Overrides the memory request used in the dashboard deployment. Defaults to 16Mi. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardMemoryRequest")] pub dashboard_memory_request: Option, - /// Deprecated. The value of this flag is ignored. Dashboard route custom settings. + /// Deprecated. The value of this flag is ignored. + /// Dashboard route custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dashboardRoute")] pub dashboard_route: Option, - /// Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m. + /// Overrides the CPU limit used in the devfile registry deployment. + /// In cores. (500m = .5 cores). Default to 500m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryCpuLimit")] pub devfile_registry_cpu_limit: Option, - /// Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m. + /// Overrides the CPU request used in the devfile registry deployment. + /// In cores. (500m = .5 cores). Default to 100m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryCpuRequest")] pub devfile_registry_cpu_request: Option, /// List of environment variables to set in the plugin registry container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryEnv")] pub devfile_registry_env: Option>, - /// Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Overrides the container image used in the devfile registry deployment. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryImage")] pub devfile_registry_image: Option, - /// Deprecated. The value of this flag is ignored. The devfile registry ingress custom settings. + /// Deprecated. The value of this flag is ignored. + /// The devfile registry ingress custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryIngress")] pub devfile_registry_ingress: Option, /// Overrides the memory limit used in the devfile registry deployment. Defaults to 256Mi. @@ -1019,49 +1261,68 @@ pub struct CheClusterServer { /// Overrides the memory request used in the devfile registry deployment. Defaults to 16Mi. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryMemoryRequest")] pub devfile_registry_memory_request: Option, - /// Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + /// Overrides the image pull policy used in the devfile registry deployment. + /// Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryPullPolicy")] pub devfile_registry_pull_policy: Option, - /// Deprecated. The value of this flag is ignored. The devfile registry route custom settings. + /// Deprecated. The value of this flag is ignored. + /// The devfile registry route custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryRoute")] pub devfile_registry_route: Option, /// Deprecated in favor of `externalDevfileRegistries` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "devfileRegistryUrl")] pub devfile_registry_url: Option, - /// Deprecated. The value of this flag is ignored. Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues. + /// Deprecated. The value of this flag is ignored. + /// Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableInternalClusterSVCNames")] pub disable_internal_cluster_svc_names: Option, - /// External devfile registries, that serves sample, ready-to-use devfiles. Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`) or instead of it (when `externalDevfileRegistry` is `true`) + /// External devfile registries, that serves sample, ready-to-use devfiles. + /// Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`) + /// or instead of it (when `externalDevfileRegistry` is `true`) #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDevfileRegistries")] pub external_devfile_registries: Option>, - /// Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and configure at least one devfile registry with `externalDevfileRegistries` field. + /// Instructs the Operator on whether to deploy a dedicated devfile registry server. + /// By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, + /// no such dedicated server will be started by the Operator and configure at least one + /// devfile registry with `externalDevfileRegistries` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDevfileRegistry")] pub external_devfile_registry: Option, - /// Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. + /// Instructs the Operator on whether to deploy a dedicated plugin registry server. + /// By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server + /// will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPluginRegistry")] pub external_plugin_registry: Option, - /// When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. + /// Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitSelfSignedCert")] pub git_self_signed_cert: Option, - /// List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields. + /// List of hosts that will be reached directly, bypassing the proxy. + /// Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + /// Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, + /// but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. + /// See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nonProxyHosts")] pub non_proxy_hosts: Option, /// Open VSX registry URL. If omitted an embedded instance will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "openVSXRegistryURL")] pub open_vsx_registry_url: Option, - /// Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m. + /// Overrides the CPU limit used in the plugin registry deployment. + /// In cores. (500m = .5 cores). Default to 500m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryCpuLimit")] pub plugin_registry_cpu_limit: Option, - /// Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m. + /// Overrides the CPU request used in the plugin registry deployment. + /// In cores. (500m = .5 cores). Default to 100m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryCpuRequest")] pub plugin_registry_cpu_request: Option, /// List of environment variables to set in the devfile registry container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryEnv")] pub plugin_registry_env: Option>, - /// Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + /// Overrides the container image used in the plugin registry deployment. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryImage")] pub plugin_registry_image: Option, - /// Deprecated. The value of this flag is ignored. Plugin registry ingress custom settings. + /// Deprecated. The value of this flag is ignored. + /// Plugin registry ingress custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryIngress")] pub plugin_registry_ingress: Option, /// Overrides the memory limit used in the plugin registry deployment. Defaults to 1536Mi. @@ -1070,40 +1331,60 @@ pub struct CheClusterServer { /// Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryMemoryRequest")] pub plugin_registry_memory_request: Option, - /// Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + /// Overrides the image pull policy used in the plugin registry deployment. + /// Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryPullPolicy")] pub plugin_registry_pull_policy: Option, - /// Deprecated. The value of this flag is ignored. Plugin registry route custom settings. + /// Deprecated. The value of this flag is ignored. + /// Plugin registry route custom settings. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryRoute")] pub plugin_registry_route: Option, - /// Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. + /// Public URL of the plugin registry that serves sample ready-to-use devfiles. + /// Set this ONLY when a use of an external devfile registry is needed. + /// See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginRegistryUrl")] pub plugin_registry_url: Option, - /// Password of the proxy server. Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. + /// Password of the proxy server. + /// Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyPassword")] pub proxy_password: Option, /// Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyPort")] pub proxy_port: Option, - /// The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. + /// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxySecret")] pub proxy_secret: Option, - /// URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. + /// URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables + /// in the Che server and workspaces containers. + /// Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration + /// and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration + /// with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + /// See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] pub proxy_url: Option, /// User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUser")] pub proxy_user: Option, - /// Deprecated. The value of this flag is ignored. The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. + /// Deprecated. The value of this flag is ignored. + /// The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "selfSignedCert")] pub self_signed_cert: Option, - /// Overrides the CPU limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1. + /// Overrides the CPU limit used in the Che server deployment + /// In cores. (500m = .5 cores). Default to 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverCpuLimit")] pub server_cpu_limit: Option, - /// Overrides the CPU request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m. + /// Overrides the CPU request used in the Che server deployment + /// In cores. (500m = .5 cores). Default to 100m. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverCpuRequest")] pub server_cpu_request: Option, - /// Deprecated. The value of this flag is ignored. Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. + /// Deprecated. The value of this flag is ignored. + /// Sets the server and workspaces exposure type. + /// Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. + /// `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. + /// Read the docs to learn about the limitations of this approach. + /// Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. + /// `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverExposureStrategy")] pub server_exposure_strategy: Option, /// Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. @@ -1112,7 +1393,10 @@ pub struct CheClusterServer { /// Overrides the memory request used in the Che server deployment. Defaults to 512Mi. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverMemoryRequest")] pub server_memory_request: Option, - /// Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// Name of the ConfigMap with public certificates to add to Java trust store of the Che server. + /// This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. + /// The Che server must be aware of its CA cert to be able to request it. This is disabled by default. + /// The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverTrustStoreConfigMapName")] pub server_trust_store_config_map_name: Option, /// The labels that need to be present in the ConfigMaps representing the gateway configuration. @@ -1130,13 +1414,18 @@ pub struct CheClusterServer { /// Deprecated in favor of `disableInternalClusterSVCNames`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useInternalClusterSVCNames")] pub use_internal_cluster_svc_names: Option, - /// Default components applied to DevWorkspaces. These default components are meant to be used when a Devfile does not contain any components. + /// Default components applied to DevWorkspaces. + /// These default components are meant to be used when a Devfile does not contain any components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workspaceDefaultComponents")] pub workspace_default_components: Option>, - /// The default editor to workspace create with. It could be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version`. The URI must start from `http`. + /// The default editor to workspace create with. It could be a plugin ID or a URI. + /// The plugin ID must have `publisher/plugin/version`. + /// The URI must start from `http`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workspaceDefaultEditor")] pub workspace_default_editor: Option, - /// Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. It's possible to use ``, `` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace. + /// Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. + /// It's possible to use ``, `` and `` placeholders, such as che-workspace-. + /// In that case, a new namespace will be created for each user or workspace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workspaceNamespaceDefault")] pub workspace_namespace_default: Option, /// The node selector that limits the nodes that can run the workspace pods. @@ -1155,7 +1444,15 @@ pub struct CheClusterServer { pub struct CheClusterServerCheServerEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -1169,10 +1466,12 @@ pub struct CheClusterServerCheServerEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -1185,7 +1484,9 @@ pub struct CheClusterServerCheServerEnvValueFrom { pub struct CheClusterServerCheServerEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1193,7 +1494,8 @@ pub struct CheClusterServerCheServerEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerCheServerEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1204,7 +1506,8 @@ pub struct CheClusterServerCheServerEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerCheServerEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1222,7 +1525,9 @@ pub struct CheClusterServerCheServerEnvValueFromResourceFieldRef { pub struct CheClusterServerCheServerEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1247,7 +1552,9 @@ pub struct CheClusterServerCheServerRoute { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`. + /// Operator uses the domain to generate a hostname for a route. + /// In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + /// The generated host name will follow this pattern: `-.`. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. @@ -1260,7 +1567,15 @@ pub struct CheClusterServerCheServerRoute { pub struct CheClusterServerDashboardEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -1274,10 +1589,12 @@ pub struct CheClusterServerDashboardEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -1290,7 +1607,9 @@ pub struct CheClusterServerDashboardEnvValueFrom { pub struct CheClusterServerDashboardEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1298,7 +1617,8 @@ pub struct CheClusterServerDashboardEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDashboardEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1309,7 +1629,8 @@ pub struct CheClusterServerDashboardEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDashboardEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1327,7 +1648,9 @@ pub struct CheClusterServerDashboardEnvValueFromResourceFieldRef { pub struct CheClusterServerDashboardEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1335,7 +1658,8 @@ pub struct CheClusterServerDashboardEnvValueFromSecretKeyRef { pub optional: Option, } -/// Deprecated. The value of this flag is ignored. Dashboard ingress custom settings. +/// Deprecated. The value of this flag is ignored. +/// Dashboard ingress custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDashboardIngress { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. @@ -1346,13 +1670,16 @@ pub struct CheClusterServerDashboardIngress { pub labels: Option, } -/// Deprecated. The value of this flag is ignored. Dashboard route custom settings. +/// Deprecated. The value of this flag is ignored. +/// Dashboard route custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDashboardRoute { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`. + /// Operator uses the domain to generate a hostname for a route. + /// In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + /// The generated host name will follow this pattern: `-.`. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. @@ -1365,7 +1692,15 @@ pub struct CheClusterServerDashboardRoute { pub struct CheClusterServerDevfileRegistryEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -1379,10 +1714,12 @@ pub struct CheClusterServerDevfileRegistryEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -1395,7 +1732,9 @@ pub struct CheClusterServerDevfileRegistryEnvValueFrom { pub struct CheClusterServerDevfileRegistryEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1403,7 +1742,8 @@ pub struct CheClusterServerDevfileRegistryEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDevfileRegistryEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1414,7 +1754,8 @@ pub struct CheClusterServerDevfileRegistryEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDevfileRegistryEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1432,7 +1773,9 @@ pub struct CheClusterServerDevfileRegistryEnvValueFromResourceFieldRef { pub struct CheClusterServerDevfileRegistryEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1440,7 +1783,8 @@ pub struct CheClusterServerDevfileRegistryEnvValueFromSecretKeyRef { pub optional: Option, } -/// Deprecated. The value of this flag is ignored. The devfile registry ingress custom settings. +/// Deprecated. The value of this flag is ignored. +/// The devfile registry ingress custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDevfileRegistryIngress { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. @@ -1451,13 +1795,16 @@ pub struct CheClusterServerDevfileRegistryIngress { pub labels: Option, } -/// Deprecated. The value of this flag is ignored. The devfile registry route custom settings. +/// Deprecated. The value of this flag is ignored. +/// The devfile registry route custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerDevfileRegistryRoute { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`. + /// Operator uses the domain to generate a hostname for a route. + /// In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + /// The generated host name will follow this pattern: `-.`. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. @@ -1478,7 +1825,15 @@ pub struct CheClusterServerExternalDevfileRegistries { pub struct CheClusterServerPluginRegistryEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -1492,10 +1847,12 @@ pub struct CheClusterServerPluginRegistryEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -1508,7 +1865,9 @@ pub struct CheClusterServerPluginRegistryEnvValueFrom { pub struct CheClusterServerPluginRegistryEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1516,7 +1875,8 @@ pub struct CheClusterServerPluginRegistryEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerPluginRegistryEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1527,7 +1887,8 @@ pub struct CheClusterServerPluginRegistryEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerPluginRegistryEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1545,7 +1906,9 @@ pub struct CheClusterServerPluginRegistryEnvValueFromResourceFieldRef { pub struct CheClusterServerPluginRegistryEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1553,7 +1916,8 @@ pub struct CheClusterServerPluginRegistryEnvValueFromSecretKeyRef { pub optional: Option, } -/// Deprecated. The value of this flag is ignored. Plugin registry ingress custom settings. +/// Deprecated. The value of this flag is ignored. +/// Plugin registry ingress custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerPluginRegistryIngress { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. @@ -1564,13 +1928,16 @@ pub struct CheClusterServerPluginRegistryIngress { pub labels: Option, } -/// Deprecated. The value of this flag is ignored. Plugin registry route custom settings. +/// Deprecated. The value of this flag is ignored. +/// Plugin registry route custom settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerPluginRegistryRoute { /// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`. + /// Operator uses the domain to generate a hostname for a route. + /// In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + /// The generated host name will follow this pattern: `-.`. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. @@ -1589,25 +1956,39 @@ pub struct CheClusterServerWorkspaceDefaultComponents { /// Allows adding and configuring devworkspace-related containers #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, - /// Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller + /// Custom component whose logic is implementation-dependant + /// and should be provided by the user + /// possibly through some dedicated controller #[serde(default, skip_serializing_if = "Option::is_none")] pub custom: Option, /// Allows specifying the definition of an image for outer loop builds #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the Kubernetes resources + /// defined in a given manifest. For example this allows reusing the Kubernetes + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + /// Mandatory name that allows referencing the component + /// from other elements (such as commands) or from an external + /// devfile that may reference this component through a parent or a plugin. pub name: String, - /// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the OpenShift resources + /// defined in a given manifest. For example this allows reusing the OpenShift + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub openshift: Option, - /// Allows importing a plugin. - /// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources + /// Allows importing a plugin. + /// + /// + /// Plugins are mainly imported devfiles that contribute components, commands + /// and events as a consistent single unit. They are defined in either YAML files + /// following the devfile syntax, + /// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[serde(default, skip_serializing_if = "Option::is_none")] pub plugin: Option, - /// Allows specifying the definition of a volume shared by several other components + /// Allows specifying the definition of a volume + /// shared by several other components #[serde(default, skip_serializing_if = "Option::is_none")] pub volume: Option, } @@ -1629,28 +2010,41 @@ pub struct CheClusterServerWorkspaceDefaultComponentsContainer { /// Annotations that should be added to specific resources for this container #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option, - /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// The command to run in the dockerimage component instead of the default one provided in the image. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The command to run in the dockerimage component instead of the default one provided in the image. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuLimit")] pub cpu_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuRequest")] pub cpu_request: Option, - /// Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. - /// Default value is `false` + /// Specify if a container should run in its own separated pod, + /// instead of running as part of the main development environment pod. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "dedicatedPod")] pub dedicated_pod: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoints: Option>, - /// Environment variables used in this container. - /// The following variables are reserved and cannot be overridden via env: - /// - `$PROJECTS_ROOT` - /// - `$PROJECT_SOURCE` + /// Environment variables used in this container. + /// + /// + /// The following variables are reserved and cannot be overridden via env: + /// + /// + /// - `$PROJECTS_ROOT` + /// + /// + /// - `$PROJECT_SOURCE` #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, pub image: String, @@ -1658,11 +2052,16 @@ pub struct CheClusterServerWorkspaceDefaultComponentsContainer { pub memory_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryRequest")] pub memory_request: Option, - /// Toggles whether or not the project source code should be mounted in the component. - /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + /// Toggles whether or not the project source code should + /// be mounted in the component. + /// + /// + /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountSources")] pub mount_sources: Option, - /// Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used. + /// Optional specification of the path in the container where + /// project sources should be transferred/mounted when `mountSources` is `true`. + /// When omitted, the default value of /projects is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceMapping")] pub source_mapping: Option, /// List of volumes mounts that should be mounted is this container. @@ -1686,37 +2085,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsContainerEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -1756,20 +2191,27 @@ pub struct CheClusterServerWorkspaceDefaultComponentsContainerEnv { /// Volume that should be mounted to a component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsContainerVolumeMounts { - /// The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files. + /// The volume mount name is the name of an existing `Volume` component. + /// If several containers mount the same volume name + /// then they will reuse the same volume and will be able to access to the same files. pub name: String, - /// The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`. + /// The path in the component container where the volume should be mounted. + /// If not path is mentioned, default path is the is `/`. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, } -/// Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller +/// Custom component whose logic is implementation-dependant +/// and should be provided by the user +/// possibly through some dedicated controller #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsCustom { - /// Class of component that the associated implementation controller should use to process this command with the appropriate logic + /// Class of component that the associated implementation controller + /// should use to process this command with the appropriate logic #[serde(rename = "componentClass")] pub component_class: String, - /// Additional free-form configuration for this custom component that the implementation controller will know how to use + /// Additional free-form configuration for this custom component + /// that the implementation controller will know how to use #[serde(rename = "embeddedResource")] pub embedded_resource: BTreeMap, } @@ -1777,8 +2219,10 @@ pub struct CheClusterServerWorkspaceDefaultComponentsCustom { /// Allows specifying the definition of an image for outer loop builds #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsImage { - /// Defines if the image should be built during startup. - /// Default value is `false` + /// Defines if the image should be built during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoBuild")] pub auto_build: Option, /// Allows specifying dockerfile type build @@ -1807,14 +2251,17 @@ pub struct CheClusterServerWorkspaceDefaultComponentsImageDockerfile { /// Dockerfile's Git source #[serde(default, skip_serializing_if = "Option::is_none")] pub git: Option, - /// Specify if a privileged builder pod is required. - /// Default value is `false` + /// Specify if a privileged builder pod is required. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootRequired")] pub root_required: Option, /// Type of Dockerfile src #[serde(default, skip_serializing_if = "Option::is_none", rename = "srcType")] pub src_type: Option, - /// URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI. + /// URI Reference of a Dockerfile. + /// It can be a full URL or a relative URI from the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, } @@ -1822,9 +2269,12 @@ pub struct CheClusterServerWorkspaceDefaultComponentsImageDockerfile { /// Dockerfile's Devfile Registry source #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsImageDockerfileDevfileRegistry { - /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image. + /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + /// required for the Dockerfile build will be downloaded for building the image. pub id: String, - /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + /// To ensure the Dockerfile gets resolved consistently in different environments, + /// it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, } @@ -1835,10 +2285,12 @@ pub struct CheClusterServerWorkspaceDefaultComponentsImageDockerfileGit { /// Defines from what the project should be checked out. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkoutFrom")] pub checkout_from: Option, - /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile. + /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. + /// Defaults to Dockerfile. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileLocation")] pub file_location: Option, - /// The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + /// The remotes map which should be initialized in the git project. + /// Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. pub remotes: BTreeMap, } @@ -1848,7 +2300,8 @@ pub struct CheClusterServerWorkspaceDefaultComponentsImageDockerfileGitCheckoutF /// The remote name should be used as init. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none")] pub remote: Option, - /// The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found. + /// The revision to checkout from. Should be branch name, tag or commit id. + /// Default branch is used if missing or specified revision is not found. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } @@ -1867,11 +2320,15 @@ pub enum CheClusterServerWorkspaceDefaultComponentsImageImageType { Dockerfile, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsKubernetes { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1892,37 +2349,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsKubernetesEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -1953,18 +2446,24 @@ pub enum CheClusterServerWorkspaceDefaultComponentsKubernetesEndpointsProtocol { Udp, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterServerWorkspaceDefaultComponentsKubernetesLocationType { Uri, Inlined, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsOpenshift { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1985,37 +2484,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsOpenshiftEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -2046,21 +2581,30 @@ pub enum CheClusterServerWorkspaceDefaultComponentsOpenshiftEndpointsProtocol { Udp, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterServerWorkspaceDefaultComponentsOpenshiftLocationType { Uri, Inlined, } -/// Allows importing a plugin. -/// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources +/// Allows importing a plugin. +/// +/// +/// Plugins are mainly imported devfiles that contribute components, commands +/// and events as a consistent single unit. They are defined in either YAML files +/// following the devfile syntax, +/// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPlugin { - /// Overrides of commands encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + /// Overrides of commands encapsulated in a parent devfile or a plugin. + /// Overriding is done according to K8S strategic merge patch standard rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub commands: Option>, - /// Overrides of components encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + /// Overrides of components encapsulated in a parent devfile or a plugin. + /// Overriding is done according to K8S strategic merge patch standard rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub components: Option>, /// Id in a registry that contains a Devfile yaml file @@ -2072,22 +2616,38 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPlugin { /// Reference to a Kubernetes CRD of type DevWorkspaceTemplate #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Registry URL to pull the parent devfile from when using id in the parent reference. To ensure the parent devfile gets resolved consistently in different environments, it is recommended to always specify the `registryUrl` when `id` is used. + /// Registry URL to pull the parent devfile from when using id in the parent reference. + /// To ensure the parent devfile gets resolved consistently in different environments, + /// it is recommended to always specify the `registryUrl` when `id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, - /// URI Reference of a parent devfile YAML file. It can be a full URL or a relative URI with the current devfile as the base URI. + /// URI Reference of a parent devfile YAML file. + /// It can be a full URL or a relative URI with the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, - /// Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. To specify `version`, `id` must be defined and used as the import reference source. `version` can be either a specific stack version, or `latest`. If no `version` specified, default version will be used. + /// Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. + /// To specify `version`, `id` must be defined and used as the import reference source. + /// `version` can be either a specific stack version, or `latest`. + /// If no `version` specified, default version will be used. #[serde(default, skip_serializing_if = "Option::is_none")] pub version: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommands { - /// Command that consists in applying a given component definition, typically bound to a devworkspace event. - /// For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. - /// When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false. + /// Command that consists in applying a given component definition, + /// typically bound to a devworkspace event. + /// + /// + /// For example, when an `apply` command is bound to a `preStart` event, + /// and references a `container` component, it will start the container as a + /// K8S initContainer in the devworkspace POD, unless the component has its + /// `dedicatedPod` field set to `true`. + /// + /// + /// When no `apply` command exist for a given component, + /// it is assumed the component will be applied at devworkspace start + /// by default, unless `deployByDefault` for that component is set to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub apply: Option, /// Map of implementation-dependant free-form YAML attributes. @@ -2096,19 +2656,32 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommands { /// Type of devworkspace command #[serde(default, skip_serializing_if = "Option::is_none", rename = "commandType")] pub command_type: Option, - /// Composite command that allows executing several sub-commands either sequentially or concurrently + /// Composite command that allows executing several sub-commands + /// either sequentially or concurrently #[serde(default, skip_serializing_if = "Option::is_none")] pub composite: Option, /// CLI Command executed in an existing component container #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Mandatory identifier that allows referencing this command in composite commands, from a parent, or in events. + /// Mandatory identifier that allows referencing + /// this command in composite commands, from + /// a parent, or in events. pub id: String, } -/// Command that consists in applying a given component definition, typically bound to a devworkspace event. -/// For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. -/// When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false. +/// Command that consists in applying a given component definition, +/// typically bound to a devworkspace event. +/// +/// +/// For example, when an `apply` command is bound to a `preStart` event, +/// and references a `container` component, it will start the container as a +/// K8S initContainer in the devworkspace POD, unless the component has its +/// `dedicatedPod` field set to `true`. +/// +/// +/// When no `apply` command exist for a given component, +/// it is assumed the component will be applied at devworkspace start +/// by default, unless `deployByDefault` for that component is set to false. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommandsApply { /// Describes component that will be applied @@ -2117,7 +2690,8 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommandsApply { /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, } @@ -2155,7 +2729,8 @@ pub enum CheClusterServerWorkspaceDefaultComponentsPluginCommandsCommandType { Composite, } -/// Composite command that allows executing several sub-commands either sequentially or concurrently +/// Composite command that allows executing several sub-commands +/// either sequentially or concurrently #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommandsComposite { /// The commands that comprise this composite command @@ -2164,7 +2739,8 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommandsComposite { /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, /// Indicates if the sub-commands should be executed concurrently @@ -2201,32 +2777,52 @@ pub enum CheClusterServerWorkspaceDefaultComponentsPluginCommandsCompositeGroupK /// CLI Command executed in an existing component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginCommandsExec { - /// The actual command-line string - /// Special variables that can be used: - /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. - /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + /// The actual command-line string + /// + /// + /// Special variables that can be used: + /// + /// + /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + /// + /// + /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "commandLine")] pub command_line: Option, /// Describes component to which given action relates #[serde(default, skip_serializing_if = "Option::is_none")] pub component: Option, - /// Optional list of environment variables that have to be set before running the command + /// Optional list of environment variables that have to be set + /// before running the command #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Specify whether the command is restarted or not when the source code changes. If set to `true` the command won't be restarted. A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. - /// Default value is `false` + /// Specify whether the command is restarted or not when the source code changes. + /// If set to `true` the command won't be restarted. + /// A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. + /// A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. + /// This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "hotReloadCapable")] pub hot_reload_capable: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, - /// Working directory where the command should be executed - /// Special variables that can be used: - /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. - /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + /// Working directory where the command should be executed + /// + /// + /// Special variables that can be used: + /// + /// + /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + /// + /// + /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workingDir")] pub working_dir: Option, } @@ -2278,15 +2874,22 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponents { /// Allows specifying the definition of an image for outer loop builds #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the Kubernetes resources + /// defined in a given manifest. For example this allows reusing the Kubernetes + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + /// Mandatory name that allows referencing the component + /// from other elements (such as commands) or from an external + /// devfile that may reference this component through a parent or a plugin. pub name: String, - /// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the OpenShift resources + /// defined in a given manifest. For example this allows reusing the OpenShift + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub openshift: Option, - /// Allows specifying the definition of a volume shared by several other components + /// Allows specifying the definition of a volume + /// shared by several other components #[serde(default, skip_serializing_if = "Option::is_none")] pub volume: Option, } @@ -2306,28 +2909,41 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainer { /// Annotations that should be added to specific resources for this container #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option, - /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// The command to run in the dockerimage component instead of the default one provided in the image. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The command to run in the dockerimage component instead of the default one provided in the image. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuLimit")] pub cpu_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuRequest")] pub cpu_request: Option, - /// Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. - /// Default value is `false` + /// Specify if a container should run in its own separated pod, + /// instead of running as part of the main development environment pod. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "dedicatedPod")] pub dedicated_pod: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoints: Option>, - /// Environment variables used in this container. - /// The following variables are reserved and cannot be overridden via env: - /// - `$PROJECTS_ROOT` - /// - `$PROJECT_SOURCE` + /// Environment variables used in this container. + /// + /// + /// The following variables are reserved and cannot be overridden via env: + /// + /// + /// - `$PROJECTS_ROOT` + /// + /// + /// - `$PROJECT_SOURCE` #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2336,11 +2952,16 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainer { pub memory_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryRequest")] pub memory_request: Option, - /// Toggles whether or not the project source code should be mounted in the component. - /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + /// Toggles whether or not the project source code should + /// be mounted in the component. + /// + /// + /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountSources")] pub mount_sources: Option, - /// Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used. + /// Optional specification of the path in the container where + /// project sources should be transferred/mounted when `mountSources` is `true`. + /// When omitted, the default value of /projects is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceMapping")] pub source_mapping: Option, /// List of volumes mounts that should be mounted is this container. @@ -2364,37 +2985,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainerEn /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -2435,9 +3092,12 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainerEn /// Volume that should be mounted to a component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainerVolumeMounts { - /// The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files. + /// The volume mount name is the name of an existing `Volume` component. + /// If several containers mount the same volume name + /// then they will reuse the same volume and will be able to access to the same files. pub name: String, - /// The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`. + /// The path in the component container where the volume should be mounted. + /// If not path is mentioned, default path is the is `/`. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, } @@ -2445,8 +3105,10 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsContainerVo /// Allows specifying the definition of an image for outer loop builds #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImage { - /// Defines if the image should be built during startup. - /// Default value is `false` + /// Defines if the image should be built during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoBuild")] pub auto_build: Option, /// Allows specifying dockerfile type build @@ -2475,14 +3137,17 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageDocker /// Dockerfile's Git source #[serde(default, skip_serializing_if = "Option::is_none")] pub git: Option, - /// Specify if a privileged builder pod is required. - /// Default value is `false` + /// Specify if a privileged builder pod is required. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootRequired")] pub root_required: Option, /// Type of Dockerfile src #[serde(default, skip_serializing_if = "Option::is_none", rename = "srcType")] pub src_type: Option, - /// URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI. + /// URI Reference of a Dockerfile. + /// It can be a full URL or a relative URI from the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, } @@ -2490,10 +3155,13 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageDocker /// Dockerfile's Devfile Registry source #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageDockerfileDevfileRegistry { - /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image. + /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + /// required for the Dockerfile build will be downloaded for building the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + /// To ensure the Dockerfile gets resolved consistently in different environments, + /// it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, } @@ -2504,10 +3172,12 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageDocker /// Defines from what the project should be checked out. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkoutFrom")] pub checkout_from: Option, - /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile. + /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. + /// Defaults to Dockerfile. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileLocation")] pub file_location: Option, - /// The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + /// The remotes map which should be initialized in the git project. + /// Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. #[serde(default, skip_serializing_if = "Option::is_none")] pub remotes: Option>, } @@ -2518,7 +3188,8 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageDocker /// The remote name should be used as init. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none")] pub remote: Option, - /// The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found. + /// The revision to checkout from. Should be branch name, tag or commit id. + /// Default branch is used if missing or specified revision is not found. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } @@ -2538,11 +3209,15 @@ pub enum CheClusterServerWorkspaceDefaultComponentsPluginComponentsImageImageTyp AutoBuild, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsKubernetes { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2563,37 +3238,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsKubernetesE /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -2624,18 +3335,24 @@ pub enum CheClusterServerWorkspaceDefaultComponentsPluginComponentsKubernetesEnd Udp, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterServerWorkspaceDefaultComponentsPluginComponentsKubernetesLocationType { Uri, Inlined, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsOpenshift { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2656,37 +3373,73 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsOpenshiftEn /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -2717,17 +3470,21 @@ pub enum CheClusterServerWorkspaceDefaultComponentsPluginComponentsOpenshiftEndp Udp, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterServerWorkspaceDefaultComponentsPluginComponentsOpenshiftLocationType { Uri, Inlined, } -/// Allows specifying the definition of a volume shared by several other components +/// Allows specifying the definition of a volume +/// shared by several other components #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsVolume { - /// Ephemeral volumes are not stored persistently across restarts. Defaults to false + /// Ephemeral volumes are not stored persistently across restarts. Defaults + /// to false #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// Size of the volume @@ -2735,8 +3492,13 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginComponentsVolume { pub size: Option, } -/// Allows importing a plugin. -/// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources +/// Allows importing a plugin. +/// +/// +/// Plugins are mainly imported devfiles that contribute components, commands +/// and events as a consistent single unit. They are defined in either YAML files +/// following the devfile syntax, +/// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterServerWorkspaceDefaultComponentsPluginImportReferenceType { Uri, @@ -2752,10 +3514,12 @@ pub struct CheClusterServerWorkspaceDefaultComponentsPluginKubernetes { pub namespace: Option, } -/// Allows specifying the definition of a volume shared by several other components +/// Allows specifying the definition of a volume +/// shared by several other components #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspaceDefaultComponentsVolume { - /// Ephemeral volumes are not stored persistently across restarts. Defaults to false + /// Ephemeral volumes are not stored persistently across restarts. Defaults + /// to false #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// Size of the volume @@ -2763,22 +3527,32 @@ pub struct CheClusterServerWorkspaceDefaultComponentsVolume { pub size: Option, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterServerWorkspacePodTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -2805,16 +3579,19 @@ pub struct CheClusterStorage { /// Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. When omitted or left blank, a default storage class is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "postgresPVCStorageClassName")] pub postgres_pvc_storage_class_name: Option, - /// Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster. + /// Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. + /// Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preCreateSubPaths")] pub pre_create_sub_paths: Option, /// Size of the persistent volume claim for workspaces. Defaults to `10Gi`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcClaimSize")] pub pvc_claim_size: Option, - /// Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. + /// Overrides the container image used to create sub-paths in the Persistent Volumes. + /// This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcJobsImage")] pub pvc_jobs_image: Option, - /// Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. + /// Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), + /// `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcStrategy")] pub pvc_strategy: Option, /// Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used. @@ -2878,10 +3655,12 @@ pub struct CheClusterStatus { /// The status of the Devworkspace subsystem #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterStatusDevworkspaceStatus { - /// GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift. + /// GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec + /// on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gatewayHost")] pub gateway_host: Option, - /// GatewayPhase specifies the phase in which the gateway deployment currently is. If the gateway is disabled, the phase is "Inactive". + /// GatewayPhase specifies the phase in which the gateway deployment currently is. + /// If the gateway is disabled, the phase is "Inactive". #[serde(default, skip_serializing_if = "Option::is_none", rename = "gatewayPhase")] pub gateway_phase: Option, /// Message contains further human-readable info for why the Che cluster is in the phase it currently is. @@ -2893,7 +3672,9 @@ pub struct CheClusterStatusDevworkspaceStatus { /// A brief CamelCase message indicating details about why the Che cluster is in this state. #[serde(default, skip_serializing_if = "Option::is_none")] pub reason: Option, - /// The resolved workspace base domain. This is either the copy of the explicitly defined property of the same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically resolved basedomain for routes. + /// The resolved workspace base domain. This is either the copy of the explicitly defined property of the + /// same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically + /// resolved basedomain for routes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workspaceBaseDomain")] pub workspace_base_domain: Option, } diff --git a/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs b/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs index 1f6f71d84..9dce0d1e8 100644 --- a/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs +++ b/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs @@ -66,7 +66,14 @@ pub struct CheClusterComponents { /// General configuration settings related to the Che server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServer { - /// Additional ClusterRoles assigned to Che ServiceAccount. Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` label. The defaults roles are: - `-cheworkspaces-clusterrole` - `-cheworkspaces-namespaces-clusterrole` - `-cheworkspaces-devworkspace-clusterrole` where the is the namespace where the CheCluster CR is created. The Che Operator must already have all permissions in these ClusterRoles to grant them. + /// Additional ClusterRoles assigned to Che ServiceAccount. + /// Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The defaults roles are: + /// - `-cheworkspaces-clusterrole` + /// - `-cheworkspaces-namespaces-clusterrole` + /// - `-cheworkspaces-devworkspace-clusterrole` + /// where the is the namespace where the CheCluster CR is created. + /// The Che Operator must already have all permissions in these ClusterRoles to grant them. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] pub cluster_roles: Option>, /// Enables the debug mode for Che server. @@ -75,13 +82,17 @@ pub struct CheClusterComponentsCheServer { /// Deployment override options. #[serde(default, skip_serializing_if = "Option::is_none")] pub deployment: Option, - /// A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields, the value defined in the `extraProperties` is used instead. + /// A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server + /// in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). + /// If the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields, + /// the value defined in the `extraProperties` is used instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraProperties")] pub extra_properties: Option>, /// The log level for the Che server: `INFO` or `DEBUG`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] pub log_level: Option, - /// Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration. + /// Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. + /// By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub proxy: Option, } @@ -122,7 +133,15 @@ pub struct CheClusterComponentsCheServerDeploymentContainers { pub struct CheClusterComponentsCheServerDeploymentContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -136,10 +155,12 @@ pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -152,7 +173,9 @@ pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFrom { pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -160,7 +183,8 @@ pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromConfigMa pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -171,7 +195,8 @@ pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromFieldRef pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -189,7 +214,9 @@ pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromResource pub struct CheClusterComponentsCheServerDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -219,10 +246,14 @@ pub struct CheClusterComponentsCheServerDeploymentContainersResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServerDeploymentContainersResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -230,10 +261,14 @@ pub struct CheClusterComponentsCheServerDeploymentContainersResourcesLimits { /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServerDeploymentContainersResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -249,19 +284,31 @@ pub struct CheClusterComponentsCheServerDeploymentSecurityContext { pub run_as_user: Option, } -/// Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration. +/// Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. +/// By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsCheServerProxy { - /// The secret name that contains `user` and `password` for a proxy server. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The secret name that contains `user` and `password` for a proxy server. + /// The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "credentialsSecretName")] pub credentials_secret_name: Option, - /// A list of hosts that can be reached directly, bypassing the proxy. Specify wild card domain use the following form `.`, for example: - localhost - my.host.com - 123.42.12.32 Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. + /// A list of hosts that can be reached directly, bypassing the proxy. + /// Specify wild card domain use the following form `.`, for example: + /// - localhost + /// - my.host.com + /// - 123.42.12.32 + /// Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, + /// defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources. + /// See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nonProxyHosts")] pub non_proxy_hosts: Option>, /// Proxy server port. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// URL (protocol+hostname) of the proxy server. Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, defining `url` in a custom resource leads to overriding the cluster proxy configuration. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. + /// URL (protocol+hostname) of the proxy server. + /// Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, + /// defining `url` in a custom resource leads to overriding the cluster proxy configuration. + /// See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, } @@ -334,7 +381,15 @@ pub struct CheClusterComponentsDashboardDeploymentContainers { pub struct CheClusterComponentsDashboardDeploymentContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -348,10 +403,12 @@ pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -364,7 +421,9 @@ pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFrom { pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -372,7 +431,8 @@ pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromConfigMa pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -383,7 +443,8 @@ pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromFieldRef pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -401,7 +462,9 @@ pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromResource pub struct CheClusterComponentsDashboardDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -431,10 +494,14 @@ pub struct CheClusterComponentsDashboardDeploymentContainersResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDashboardDeploymentContainersResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -442,10 +509,14 @@ pub struct CheClusterComponentsDashboardDeploymentContainersResourcesLimits { /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDashboardDeploymentContainersResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -494,7 +565,8 @@ pub enum CheClusterComponentsDashboardLogLevel { /// DevWorkspace Operator configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDevWorkspace { - /// Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser` The maximum number of running workspaces per user. + /// Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser` + /// The maximum number of running workspaces per user. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runningLimit")] pub running_limit: Option, } @@ -549,7 +621,15 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainers { pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -563,10 +643,12 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -579,7 +661,9 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFrom { pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -587,7 +671,8 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromCo pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -598,7 +683,8 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromFi pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -616,7 +702,9 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromRe pub struct CheClusterComponentsDevfileRegistryDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -646,10 +734,14 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDevfileRegistryDeploymentContainersResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -657,10 +749,14 @@ pub struct CheClusterComponentsDevfileRegistryDeploymentContainersResourcesLimit /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsDevfileRegistryDeploymentContainersResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -687,7 +783,14 @@ pub struct CheClusterComponentsDevfileRegistryExternalDevfileRegistries { /// Kubernetes Image Puller configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsImagePuller { - /// Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs, it creates a default Kubernetes Image Puller object managed by the Operator. When you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled, regardless of whether a spec is provided. If you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and pre-pulled after installation. Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported for pulling commercially-supported images. + /// Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs, + /// it creates a default Kubernetes Image Puller object managed by the Operator. + /// When you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled, + /// regardless of whether a spec is provided. + /// If you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and + /// pre-pulled after installation. + /// Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported + /// for pulling commercially-supported images. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, /// A Kubernetes Image Puller spec to configure the image puller in the CheCluster. @@ -787,7 +890,15 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainers { pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -801,10 +912,12 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -817,7 +930,9 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFrom { pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -825,7 +940,8 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromCon pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -836,7 +952,8 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromFie pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -854,7 +971,9 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromRes pub struct CheClusterComponentsPluginRegistryDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -884,10 +1003,14 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsPluginRegistryDeploymentContainersResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -895,10 +1018,14 @@ pub struct CheClusterComponentsPluginRegistryDeploymentContainersResourcesLimits /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterComponentsPluginRegistryDeploymentContainersResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -925,10 +1052,14 @@ pub struct CheClusterComponentsPluginRegistryExternalPluginRegistries { /// Configuration of an alternative registry that stores Che images. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterContainerRegistry { - /// An optional hostname or URL of an alternative container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful for installing Che in a restricted environment. + /// An optional hostname or URL of an alternative container registry to pull images from. + /// This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. + /// This is particularly useful for installing Che in a restricted environment. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// An optional repository name of an alternative registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful for installing Eclipse Che in a restricted environment. + /// An optional repository name of an alternative registry to pull images from. + /// This value overrides the container registry organization defined in all the default container images involved in a Che deployment. + /// This is particularly useful for installing Eclipse Che in a restricted environment. #[serde(default, skip_serializing_if = "Option::is_none")] pub organization: Option, } @@ -939,10 +1070,13 @@ pub struct CheClusterDevEnvironments { /// Container build configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerBuildConfiguration")] pub container_build_configuration: Option, - /// Default components applied to DevWorkspaces. These default components are meant to be used when a Devfile, that does not contain any components. + /// Default components applied to DevWorkspaces. + /// These default components are meant to be used when a Devfile, that does not contain any components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultComponents")] pub default_components: Option>, - /// The default editor to workspace create with. It could be a plugin ID or a URI. The plugin ID must have `publisher/name/version` format. The URI must start from `http://` or `https://`. + /// The default editor to workspace create with. It could be a plugin ID or a URI. + /// The plugin ID must have `publisher/name/version` format. + /// The URI must start from `http://` or `https://`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultEditor")] pub default_editor: Option, /// User's default namespace. @@ -951,11 +1085,25 @@ pub struct CheClusterDevEnvironments { /// Default plug-ins applied to DevWorkspaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultPlugins")] pub default_plugins: Option>, - /// DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods with new ones. The available deployment stragies are `Recreate` and `RollingUpdate`. With the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created. With the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted only when the new workspace pod is in a ready state. If not specified, the default `Recreate` deployment strategy is used. + /// DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods + /// with new ones. The available deployment stragies are `Recreate` and `RollingUpdate`. + /// With the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created. + /// With the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted + /// only when the new workspace pod is in a ready state. + /// If not specified, the default `Recreate` deployment strategy is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "deploymentStrategy")] pub deployment_strategy: Option, - /// Disables the container build capabilities. When set to `false` (the default value), the devEnvironments.security.containerSecurityContext field is ignored, and the following container SecurityContext is applied: - /// containerSecurityContext: allowPrivilegeEscalation: true capabilities: add: - SETGID - SETUID + /// Disables the container build capabilities. + /// When set to `false` (the default value), the devEnvironments.security.containerSecurityContext + /// field is ignored, and the following container SecurityContext is applied: + /// + /// + /// containerSecurityContext: + /// allowPrivilegeEscalation: true + /// capabilities: + /// add: + /// - SETGID + /// - SETUID #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableContainerBuildCapabilities")] pub disable_container_build_capabilities: Option, /// GatewayContainer configuration. @@ -964,28 +1112,36 @@ pub struct CheClusterDevEnvironments { /// ImagePullPolicy defines the imagePullPolicy used for containers in a DevWorkspace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, - /// The maximum number of running workspaces per user. The value, -1, allows users to run an unlimited number of workspaces. + /// The maximum number of running workspaces per user. + /// The value, -1, allows users to run an unlimited number of workspaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxNumberOfRunningWorkspacesPerUser")] pub max_number_of_running_workspaces_per_user: Option, - /// Total number of workspaces, both stopped and running, that a user can keep. The value, -1, allows users to keep an unlimited number of workspaces. + /// Total number of workspaces, both stopped and running, that a user can keep. + /// The value, -1, allows users to keep an unlimited number of workspaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxNumberOfWorkspacesPerUser")] pub max_number_of_workspaces_per_user: Option, /// The node selector limits the nodes that can run the workspace pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// PersistUserHome defines configuration options for persisting the user home directory in workspaces. + /// PersistUserHome defines configuration options for persisting the + /// user home directory in workspaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistUserHome")] pub persist_user_home: Option, - /// Pod scheduler for the workspace pods. If not specified, the pod scheduler is set to the default scheduler on the cluster. + /// Pod scheduler for the workspace pods. + /// If not specified, the pod scheduler is set to the default scheduler on the cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSchedulerName")] pub pod_scheduler_name: Option, /// Project clone container configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectCloneContainer")] pub project_clone_container: Option, - /// Idle timeout for workspaces in seconds. This timeout is the duration after which a workspace will be idled if there is no activity. To disable workspace idling due to inactivity, set this value to -1. + /// Idle timeout for workspaces in seconds. + /// This timeout is the duration after which a workspace will be idled if there is no activity. + /// To disable workspace idling due to inactivity, set this value to -1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondsOfInactivityBeforeIdling")] pub seconds_of_inactivity_before_idling: Option, - /// Run timeout for workspaces in seconds. This timeout is the maximum duration a workspace runs. To disable workspace run timeout, set this value to -1. + /// Run timeout for workspaces in seconds. + /// This timeout is the maximum duration a workspace runs. + /// To disable workspace run timeout, set this value to -1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondsOfRunBeforeIdling")] pub seconds_of_run_before_idling: Option, /// Workspace security configuration. @@ -997,7 +1153,9 @@ pub struct CheClusterDevEnvironments { /// List of ServiceAccount tokens that will be mounted into workspace pods as projected volumes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountTokens")] pub service_account_tokens: Option>, - /// StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start before it is automatically failed. If not specified, the default value of 300 seconds (5 minutes) is used. + /// StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start + /// before it is automatically failed. + /// If not specified, the default value of 300 seconds (5 minutes) is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "startTimeoutSeconds")] pub start_timeout_seconds: Option, /// Workspaces persistent storage. @@ -1033,25 +1191,39 @@ pub struct CheClusterDevEnvironmentsDefaultComponents { /// Allows adding and configuring devworkspace-related containers #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, - /// Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller + /// Custom component whose logic is implementation-dependant + /// and should be provided by the user + /// possibly through some dedicated controller #[serde(default, skip_serializing_if = "Option::is_none")] pub custom: Option, /// Allows specifying the definition of an image for outer loop builds #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the Kubernetes resources + /// defined in a given manifest. For example this allows reusing the Kubernetes + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + /// Mandatory name that allows referencing the component + /// from other elements (such as commands) or from an external + /// devfile that may reference this component through a parent or a plugin. pub name: String, - /// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the OpenShift resources + /// defined in a given manifest. For example this allows reusing the OpenShift + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub openshift: Option, - /// Allows importing a plugin. - /// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources + /// Allows importing a plugin. + /// + /// + /// Plugins are mainly imported devfiles that contribute components, commands + /// and events as a consistent single unit. They are defined in either YAML files + /// following the devfile syntax, + /// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[serde(default, skip_serializing_if = "Option::is_none")] pub plugin: Option, - /// Allows specifying the definition of a volume shared by several other components + /// Allows specifying the definition of a volume + /// shared by several other components #[serde(default, skip_serializing_if = "Option::is_none")] pub volume: Option, } @@ -1073,28 +1245,41 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsContainer { /// Annotations that should be added to specific resources for this container #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option, - /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// The command to run in the dockerimage component instead of the default one provided in the image. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The command to run in the dockerimage component instead of the default one provided in the image. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuLimit")] pub cpu_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuRequest")] pub cpu_request: Option, - /// Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. - /// Default value is `false` + /// Specify if a container should run in its own separated pod, + /// instead of running as part of the main development environment pod. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "dedicatedPod")] pub dedicated_pod: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoints: Option>, - /// Environment variables used in this container. - /// The following variables are reserved and cannot be overridden via env: - /// - `$PROJECTS_ROOT` - /// - `$PROJECT_SOURCE` + /// Environment variables used in this container. + /// + /// + /// The following variables are reserved and cannot be overridden via env: + /// + /// + /// - `$PROJECTS_ROOT` + /// + /// + /// - `$PROJECT_SOURCE` #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, pub image: String, @@ -1102,11 +1287,16 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsContainer { pub memory_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryRequest")] pub memory_request: Option, - /// Toggles whether or not the project source code should be mounted in the component. - /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + /// Toggles whether or not the project source code should + /// be mounted in the component. + /// + /// + /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountSources")] pub mount_sources: Option, - /// Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used. + /// Optional specification of the path in the container where + /// project sources should be transferred/mounted when `mountSources` is `true`. + /// When omitted, the default value of /projects is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceMapping")] pub source_mapping: Option, /// List of volumes mounts that should be mounted is this container. @@ -1130,37 +1320,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsContainerEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -1200,20 +1426,27 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsContainerEnv { /// Volume that should be mounted to a component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsContainerVolumeMounts { - /// The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files. + /// The volume mount name is the name of an existing `Volume` component. + /// If several containers mount the same volume name + /// then they will reuse the same volume and will be able to access to the same files. pub name: String, - /// The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`. + /// The path in the component container where the volume should be mounted. + /// If not path is mentioned, default path is the is `/`. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, } -/// Custom component whose logic is implementation-dependant and should be provided by the user possibly through some dedicated controller +/// Custom component whose logic is implementation-dependant +/// and should be provided by the user +/// possibly through some dedicated controller #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsCustom { - /// Class of component that the associated implementation controller should use to process this command with the appropriate logic + /// Class of component that the associated implementation controller + /// should use to process this command with the appropriate logic #[serde(rename = "componentClass")] pub component_class: String, - /// Additional free-form configuration for this custom component that the implementation controller will know how to use + /// Additional free-form configuration for this custom component + /// that the implementation controller will know how to use #[serde(rename = "embeddedResource")] pub embedded_resource: BTreeMap, } @@ -1221,8 +1454,10 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsCustom { /// Allows specifying the definition of an image for outer loop builds #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsImage { - /// Defines if the image should be built during startup. - /// Default value is `false` + /// Defines if the image should be built during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoBuild")] pub auto_build: Option, /// Allows specifying dockerfile type build @@ -1251,14 +1486,17 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsImageDockerfile { /// Dockerfile's Git source #[serde(default, skip_serializing_if = "Option::is_none")] pub git: Option, - /// Specify if a privileged builder pod is required. - /// Default value is `false` + /// Specify if a privileged builder pod is required. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootRequired")] pub root_required: Option, /// Type of Dockerfile src #[serde(default, skip_serializing_if = "Option::is_none", rename = "srcType")] pub src_type: Option, - /// URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI. + /// URI Reference of a Dockerfile. + /// It can be a full URL or a relative URI from the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, } @@ -1266,9 +1504,12 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsImageDockerfile { /// Dockerfile's Devfile Registry source #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsImageDockerfileDevfileRegistry { - /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image. + /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + /// required for the Dockerfile build will be downloaded for building the image. pub id: String, - /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + /// To ensure the Dockerfile gets resolved consistently in different environments, + /// it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, } @@ -1279,10 +1520,12 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsImageDockerfileGit { /// Defines from what the project should be checked out. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkoutFrom")] pub checkout_from: Option, - /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile. + /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. + /// Defaults to Dockerfile. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileLocation")] pub file_location: Option, - /// The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + /// The remotes map which should be initialized in the git project. + /// Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. pub remotes: BTreeMap, } @@ -1292,7 +1535,8 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsImageDockerfileGitCheckoutF /// The remote name should be used as init. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none")] pub remote: Option, - /// The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found. + /// The revision to checkout from. Should be branch name, tag or commit id. + /// Default branch is used if missing or specified revision is not found. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } @@ -1311,11 +1555,15 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsImageImageType { Dockerfile, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsKubernetes { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1336,37 +1584,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsKubernetesEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -1397,18 +1681,24 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsKubernetesEndpointsProtocol { Udp, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterDevEnvironmentsDefaultComponentsKubernetesLocationType { Uri, Inlined, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsOpenshift { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1429,37 +1719,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsOpenshiftEndpoints { /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(rename = "targetPort")] pub target_port: i64, } @@ -1490,21 +1816,30 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsOpenshiftEndpointsProtocol { Udp, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterDevEnvironmentsDefaultComponentsOpenshiftLocationType { Uri, Inlined, } -/// Allows importing a plugin. -/// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources +/// Allows importing a plugin. +/// +/// +/// Plugins are mainly imported devfiles that contribute components, commands +/// and events as a consistent single unit. They are defined in either YAML files +/// following the devfile syntax, +/// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPlugin { - /// Overrides of commands encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + /// Overrides of commands encapsulated in a parent devfile or a plugin. + /// Overriding is done according to K8S strategic merge patch standard rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub commands: Option>, - /// Overrides of components encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + /// Overrides of components encapsulated in a parent devfile or a plugin. + /// Overriding is done according to K8S strategic merge patch standard rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub components: Option>, /// Id in a registry that contains a Devfile yaml file @@ -1516,22 +1851,38 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPlugin { /// Reference to a Kubernetes CRD of type DevWorkspaceTemplate #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Registry URL to pull the parent devfile from when using id in the parent reference. To ensure the parent devfile gets resolved consistently in different environments, it is recommended to always specify the `registryUrl` when `id` is used. + /// Registry URL to pull the parent devfile from when using id in the parent reference. + /// To ensure the parent devfile gets resolved consistently in different environments, + /// it is recommended to always specify the `registryUrl` when `id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, - /// URI Reference of a parent devfile YAML file. It can be a full URL or a relative URI with the current devfile as the base URI. + /// URI Reference of a parent devfile YAML file. + /// It can be a full URL or a relative URI with the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, - /// Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. To specify `version`, `id` must be defined and used as the import reference source. `version` can be either a specific stack version, or `latest`. If no `version` specified, default version will be used. + /// Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. + /// To specify `version`, `id` must be defined and used as the import reference source. + /// `version` can be either a specific stack version, or `latest`. + /// If no `version` specified, default version will be used. #[serde(default, skip_serializing_if = "Option::is_none")] pub version: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommands { - /// Command that consists in applying a given component definition, typically bound to a devworkspace event. - /// For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. - /// When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false. + /// Command that consists in applying a given component definition, + /// typically bound to a devworkspace event. + /// + /// + /// For example, when an `apply` command is bound to a `preStart` event, + /// and references a `container` component, it will start the container as a + /// K8S initContainer in the devworkspace POD, unless the component has its + /// `dedicatedPod` field set to `true`. + /// + /// + /// When no `apply` command exist for a given component, + /// it is assumed the component will be applied at devworkspace start + /// by default, unless `deployByDefault` for that component is set to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub apply: Option, /// Map of implementation-dependant free-form YAML attributes. @@ -1540,19 +1891,32 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommands { /// Type of devworkspace command #[serde(default, skip_serializing_if = "Option::is_none", rename = "commandType")] pub command_type: Option, - /// Composite command that allows executing several sub-commands either sequentially or concurrently + /// Composite command that allows executing several sub-commands + /// either sequentially or concurrently #[serde(default, skip_serializing_if = "Option::is_none")] pub composite: Option, /// CLI Command executed in an existing component container #[serde(default, skip_serializing_if = "Option::is_none")] pub exec: Option, - /// Mandatory identifier that allows referencing this command in composite commands, from a parent, or in events. + /// Mandatory identifier that allows referencing + /// this command in composite commands, from + /// a parent, or in events. pub id: String, } -/// Command that consists in applying a given component definition, typically bound to a devworkspace event. -/// For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. -/// When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false. +/// Command that consists in applying a given component definition, +/// typically bound to a devworkspace event. +/// +/// +/// For example, when an `apply` command is bound to a `preStart` event, +/// and references a `container` component, it will start the container as a +/// K8S initContainer in the devworkspace POD, unless the component has its +/// `dedicatedPod` field set to `true`. +/// +/// +/// When no `apply` command exist for a given component, +/// it is assumed the component will be applied at devworkspace start +/// by default, unless `deployByDefault` for that component is set to false. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommandsApply { /// Describes component that will be applied @@ -1561,7 +1925,8 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommandsApply { /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, } @@ -1599,7 +1964,8 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsPluginCommandsCommandType { Composite, } -/// Composite command that allows executing several sub-commands either sequentially or concurrently +/// Composite command that allows executing several sub-commands +/// either sequentially or concurrently #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommandsComposite { /// The commands that comprise this composite command @@ -1608,7 +1974,8 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommandsComposite { /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, /// Indicates if the sub-commands should be executed concurrently @@ -1645,32 +2012,52 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsPluginCommandsCompositeGroupK /// CLI Command executed in an existing component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginCommandsExec { - /// The actual command-line string - /// Special variables that can be used: - /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. - /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + /// The actual command-line string + /// + /// + /// Special variables that can be used: + /// + /// + /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + /// + /// + /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "commandLine")] pub command_line: Option, /// Describes component to which given action relates #[serde(default, skip_serializing_if = "Option::is_none")] pub component: Option, - /// Optional list of environment variables that have to be set before running the command + /// Optional list of environment variables that have to be set + /// before running the command #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, /// Defines the group this command is part of #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// Specify whether the command is restarted or not when the source code changes. If set to `true` the command won't be restarted. A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. - /// Default value is `false` + /// Specify whether the command is restarted or not when the source code changes. + /// If set to `true` the command won't be restarted. + /// A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. + /// A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. + /// This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "hotReloadCapable")] pub hot_reload_capable: Option, - /// Optional label that provides a label for this command to be used in Editor UI menus for example + /// Optional label that provides a label for this command + /// to be used in Editor UI menus for example #[serde(default, skip_serializing_if = "Option::is_none")] pub label: Option, - /// Working directory where the command should be executed - /// Special variables that can be used: - /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. - /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + /// Working directory where the command should be executed + /// + /// + /// Special variables that can be used: + /// + /// + /// - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + /// + /// + /// - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workingDir")] pub working_dir: Option, } @@ -1722,15 +2109,22 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponents { /// Allows specifying the definition of an image for outer loop builds #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the Kubernetes resources + /// defined in a given manifest. For example this allows reusing the Kubernetes + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, - /// Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + /// Mandatory name that allows referencing the component + /// from other elements (such as commands) or from an external + /// devfile that may reference this component through a parent or a plugin. pub name: String, - /// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. + /// Allows importing into the devworkspace the OpenShift resources + /// defined in a given manifest. For example this allows reusing the OpenShift + /// definitions used to deploy some runtime components in production. #[serde(default, skip_serializing_if = "Option::is_none")] pub openshift: Option, - /// Allows specifying the definition of a volume shared by several other components + /// Allows specifying the definition of a volume + /// shared by several other components #[serde(default, skip_serializing_if = "Option::is_none")] pub volume: Option, } @@ -1750,28 +2144,41 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainer { /// Annotations that should be added to specific resources for this container #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option, - /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub args: Option>, - /// The command to run in the dockerimage component instead of the default one provided in the image. - /// Defaults to an empty array, meaning use whatever is defined in the image. + /// The command to run in the dockerimage component instead of the default one provided in the image. + /// + /// + /// Defaults to an empty array, meaning use whatever is defined in the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuLimit")] pub cpu_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuRequest")] pub cpu_request: Option, - /// Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. - /// Default value is `false` + /// Specify if a container should run in its own separated pod, + /// instead of running as part of the main development environment pod. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "dedicatedPod")] pub dedicated_pod: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoints: Option>, - /// Environment variables used in this container. - /// The following variables are reserved and cannot be overridden via env: - /// - `$PROJECTS_ROOT` - /// - `$PROJECT_SOURCE` + /// Environment variables used in this container. + /// + /// + /// The following variables are reserved and cannot be overridden via env: + /// + /// + /// - `$PROJECTS_ROOT` + /// + /// + /// - `$PROJECT_SOURCE` #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1780,11 +2187,16 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainer { pub memory_limit: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryRequest")] pub memory_request: Option, - /// Toggles whether or not the project source code should be mounted in the component. - /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + /// Toggles whether or not the project source code should + /// be mounted in the component. + /// + /// + /// Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountSources")] pub mount_sources: Option, - /// Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used. + /// Optional specification of the path in the container where + /// project sources should be transferred/mounted when `mountSources` is `true`. + /// When omitted, the default value of /projects is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceMapping")] pub source_mapping: Option, /// List of volumes mounts that should be mounted is this container. @@ -1808,37 +2220,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainerEn /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -1879,9 +2327,12 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainerEn /// Volume that should be mounted to a component container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainerVolumeMounts { - /// The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files. + /// The volume mount name is the name of an existing `Volume` component. + /// If several containers mount the same volume name + /// then they will reuse the same volume and will be able to access to the same files. pub name: String, - /// The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`. + /// The path in the component container where the volume should be mounted. + /// If not path is mentioned, default path is the is `/`. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, } @@ -1889,8 +2340,10 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsContainerVo /// Allows specifying the definition of an image for outer loop builds #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImage { - /// Defines if the image should be built during startup. - /// Default value is `false` + /// Defines if the image should be built during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoBuild")] pub auto_build: Option, /// Allows specifying dockerfile type build @@ -1919,14 +2372,17 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageDocker /// Dockerfile's Git source #[serde(default, skip_serializing_if = "Option::is_none")] pub git: Option, - /// Specify if a privileged builder pod is required. - /// Default value is `false` + /// Specify if a privileged builder pod is required. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootRequired")] pub root_required: Option, /// Type of Dockerfile src #[serde(default, skip_serializing_if = "Option::is_none", rename = "srcType")] pub src_type: Option, - /// URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI. + /// URI Reference of a Dockerfile. + /// It can be a full URL or a relative URI from the current devfile as the base URI. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, } @@ -1934,10 +2390,13 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageDocker /// Dockerfile's Devfile Registry source #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageDockerfileDevfileRegistry { - /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image. + /// Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + /// required for the Dockerfile build will be downloaded for building the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, - /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + /// Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + /// To ensure the Dockerfile gets resolved consistently in different environments, + /// it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "registryUrl")] pub registry_url: Option, } @@ -1948,10 +2407,12 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageDocker /// Defines from what the project should be checked out. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkoutFrom")] pub checkout_from: Option, - /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile. + /// Location of the Dockerfile in the Git repository when using git as Dockerfile src. + /// Defaults to Dockerfile. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileLocation")] pub file_location: Option, - /// The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + /// The remotes map which should be initialized in the git project. + /// Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. #[serde(default, skip_serializing_if = "Option::is_none")] pub remotes: Option>, } @@ -1962,7 +2423,8 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageDocker /// The remote name should be used as init. Required if there are more than one remote configured #[serde(default, skip_serializing_if = "Option::is_none")] pub remote: Option, - /// The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found. + /// The revision to checkout from. Should be branch name, tag or commit id. + /// Default branch is used if missing or specified revision is not found. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } @@ -1982,11 +2444,15 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsPluginComponentsImageImageTyp AutoBuild, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsKubernetes { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2007,37 +2473,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsKubernetesE /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -2068,18 +2570,24 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsPluginComponentsKubernetesEnd Udp, } -/// Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the Kubernetes resources +/// defined in a given manifest. For example this allows reusing the Kubernetes +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterDevEnvironmentsDefaultComponentsPluginComponentsKubernetesLocationType { Uri, Inlined, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsOpenshift { - /// Defines if the component should be deployed during startup. - /// Default value is `false` + /// Defines if the component should be deployed during startup. + /// + /// + /// Default value is `false` #[serde(default, skip_serializing_if = "Option::is_none", rename = "deployByDefault")] pub deploy_by_default: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2100,37 +2608,73 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsOpenshiftEn /// Annotations to be added to Kubernetes Ingress or Openshift Route #[serde(default, skip_serializing_if = "Option::is_none")] pub annotation: Option>, - /// Map of implementation-dependant string-based free-form attributes. - /// Examples of Che-specific attributes: - /// - cookiesAuthEnabled: "true" / "false", - /// - type: "terminal" / "ide" / "ide-dev", + /// Map of implementation-dependant string-based free-form attributes. + /// + /// + /// Examples of Che-specific attributes: + /// + /// + /// - cookiesAuthEnabled: "true" / "false", + /// + /// + /// - type: "terminal" / "ide" / "ide-dev", #[serde(default, skip_serializing_if = "Option::is_none")] pub attributes: Option>, - /// Describes how the endpoint should be exposed on the network. - /// - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. - /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. - /// - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. - /// Default value is `public` + /// Describes how the endpoint should be exposed on the network. + /// + /// + /// - `public` means that the endpoint will be exposed on the public network, typically through + /// a K8S ingress or an OpenShift route. + /// + /// + /// - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + /// typically by K8S services, to be consumed by other elements running + /// on the same cloud internal network. + /// + /// + /// - `none` means that the endpoint will not be exposed and will only be accessible + /// inside the main devworkspace POD, on a local address. + /// + /// + /// Default value is `public` #[serde(default, skip_serializing_if = "Option::is_none")] pub exposure: Option, pub name: String, /// Path of the endpoint URL #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Describes the application and transport protocols of the traffic that will go through this endpoint. - /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. - /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. - /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. - /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. - /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. - /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. - /// Default value is `http` + /// Describes the application and transport protocols of the traffic that will go through this endpoint. + /// + /// + /// - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + /// + /// + /// - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + /// + /// + /// - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + /// It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + /// + /// + /// - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + /// + /// + /// - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + /// + /// + /// - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + /// + /// + /// Default value is `http` #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + /// Describes whether the endpoint should be secured and protected by some + /// authentication process. This requires a protocol of `https` or `wss`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secure: Option, - /// Port number to be used within the container component. The same port cannot be used by two different container components. + /// Port number to be used within the container component. The same port cannot + /// be used by two different container components. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, } @@ -2161,17 +2705,21 @@ pub enum CheClusterDevEnvironmentsDefaultComponentsPluginComponentsOpenshiftEndp Udp, } -/// Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. +/// Allows importing into the devworkspace the OpenShift resources +/// defined in a given manifest. For example this allows reusing the OpenShift +/// definitions used to deploy some runtime components in production. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterDevEnvironmentsDefaultComponentsPluginComponentsOpenshiftLocationType { Uri, Inlined, } -/// Allows specifying the definition of a volume shared by several other components +/// Allows specifying the definition of a volume +/// shared by several other components #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsVolume { - /// Ephemeral volumes are not stored persistently across restarts. Defaults to false + /// Ephemeral volumes are not stored persistently across restarts. Defaults + /// to false #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// Size of the volume @@ -2179,8 +2727,13 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginComponentsVolume { pub size: Option, } -/// Allows importing a plugin. -/// Plugins are mainly imported devfiles that contribute components, commands and events as a consistent single unit. They are defined in either YAML files following the devfile syntax, or as `DevWorkspaceTemplate` Kubernetes Custom Resources +/// Allows importing a plugin. +/// +/// +/// Plugins are mainly imported devfiles that contribute components, commands +/// and events as a consistent single unit. They are defined in either YAML files +/// following the devfile syntax, +/// or as `DevWorkspaceTemplate` Kubernetes Custom Resources #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CheClusterDevEnvironmentsDefaultComponentsPluginImportReferenceType { Uri, @@ -2196,10 +2749,12 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsPluginKubernetes { pub namespace: Option, } -/// Allows specifying the definition of a volume shared by several other components +/// Allows specifying the definition of a volume +/// shared by several other components #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultComponentsVolume { - /// Ephemeral volumes are not stored persistently across restarts. Defaults to false + /// Ephemeral volumes are not stored persistently across restarts. Defaults + /// to false #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, /// Size of the volume @@ -2210,17 +2765,20 @@ pub struct CheClusterDevEnvironmentsDefaultComponentsVolume { /// User's default namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultNamespace { - /// Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. + /// Indicates if is allowed to automatically create a user namespace. + /// If it set to false, then user namespace must be pre-created by a cluster administrator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoProvision")] pub auto_provision: Option, - /// If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace. You can use `` and `` placeholders, such as che-workspace-. + /// If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace. + /// You can use `` and `` placeholders, such as che-workspace-. #[serde(default, skip_serializing_if = "Option::is_none")] pub template: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsDefaultPlugins { - /// The editor ID to specify default plug-ins for. The plugin ID must have `publisher/name/version` format. + /// The editor ID to specify default plug-ins for. + /// The plugin ID must have `publisher/name/version` format. #[serde(default, skip_serializing_if = "Option::is_none")] pub editor: Option, /// Default plug-in URIs for the specified editor. @@ -2260,7 +2818,15 @@ pub struct CheClusterDevEnvironmentsGatewayContainer { pub struct CheClusterDevEnvironmentsGatewayContainerEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -2274,10 +2840,12 @@ pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -2290,7 +2858,9 @@ pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFrom { pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2298,7 +2868,8 @@ pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromConfigMapKeyRef pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2309,7 +2880,8 @@ pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2327,7 +2899,9 @@ pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromResourceFieldRef pub struct CheClusterDevEnvironmentsGatewayContainerEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2357,10 +2931,14 @@ pub struct CheClusterDevEnvironmentsGatewayContainerResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsGatewayContainerResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -2368,10 +2946,14 @@ pub struct CheClusterDevEnvironmentsGatewayContainerResourcesLimits { /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsGatewayContainerResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -2384,10 +2966,14 @@ pub enum CheClusterDevEnvironmentsImagePullPolicy { Never, } -/// PersistUserHome defines configuration options for persisting the user home directory in workspaces. +/// PersistUserHome defines configuration options for persisting the +/// user home directory in workspaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsPersistUserHome { - /// Determines whether the user home directory in workspaces should persist between workspace shutdown and startup. Must be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect. Disabled by default. + /// Determines whether the user home directory in workspaces should persist between + /// workspace shutdown and startup. + /// Must be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect. + /// Disabled by default. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, } @@ -2417,7 +3003,15 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainer { pub struct CheClusterDevEnvironmentsProjectCloneContainerEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -2431,10 +3025,12 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -2447,7 +3043,9 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFrom { pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2455,7 +3053,8 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromConfigMapKe pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2466,7 +3065,8 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -2484,7 +3084,9 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromResourceFie pub struct CheClusterDevEnvironmentsProjectCloneContainerEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2514,10 +3116,14 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsProjectCloneContainerResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -2525,10 +3131,14 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerResourcesLimits { /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsProjectCloneContainerResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -2536,53 +3146,100 @@ pub struct CheClusterDevEnvironmentsProjectCloneContainerResourcesRequest { /// Workspace security configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurity { - /// Container SecurityContext used by all workspace-related containers. If set, defined values are merged into the default Container SecurityContext configuration. Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect. + /// Container SecurityContext used by all workspace-related containers. + /// If set, defined values are merged into the default Container SecurityContext configuration. + /// Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect. #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerSecurityContext")] pub container_security_context: Option, - /// PodSecurityContext used by all workspace-related pods. If set, defined values are merged into the default PodSecurityContext configuration. + /// PodSecurityContext used by all workspace-related pods. + /// If set, defined values are merged into the default PodSecurityContext configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurityContext")] pub pod_security_context: Option, } -/// Container SecurityContext used by all workspace-related containers. If set, defined values are merged into the default Container SecurityContext configuration. Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect. +/// Container SecurityContext used by all workspace-related containers. +/// If set, defined values are merged into the default Container SecurityContext configuration. +/// Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextCapabilities { /// Added capabilities @@ -2593,7 +3250,11 @@ pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextCapabilities pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -2610,72 +3271,150 @@ pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextSeLinuxOptio pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must only be set if type is "Localhost". #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityContainerSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// This field is alpha-level and will only be honored by components that enable the + /// WindowsHostProcessContainers feature flag. Setting this field without the feature + /// flag will result in errors when validating the Pod. All of a Pod's containers must + /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + /// containers and non-HostProcess containers). In addition, if HostProcess is true + /// then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } -/// PodSecurityContext used by all workspace-related pods. If set, defined values are merged into the default PodSecurityContext configuration. +/// PodSecurityContext used by all workspace-related pods. +/// If set, defined values are merged into the default PodSecurityContext configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityPodSecurityContext { - /// A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - /// 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, - /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] pub fs_group_change_policy: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, - /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, - /// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityPodSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -2692,14 +3431,23 @@ pub struct CheClusterDevEnvironmentsSecurityPodSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityPodSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must only be set if type is "Localhost". #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } @@ -2713,37 +3461,63 @@ pub struct CheClusterDevEnvironmentsSecurityPodSecurityContextSysctls { pub value: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsSecurityPodSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// This field is alpha-level and will only be honored by components that enable the + /// WindowsHostProcessContainers feature flag. Setting this field without the feature + /// flag will result in errors when validating the Pod. All of a Pod's containers must + /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + /// containers and non-HostProcess containers). In addition, if HostProcess is true + /// then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsServiceAccountTokens { - /// Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// Audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours. Defaults to 1 hour and must be at least 10 minutes. + /// ExpirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours. Defaults to 1 hour + /// and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// Path within the workspace container at which the token should be mounted. Must not contain ':'. + /// Path within the workspace container at which the token should be mounted. Must + /// not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// Identifiable name of the ServiceAccount token. If multiple ServiceAccount tokens use the same mount path, a generic name will be used for the projected volume instead. + /// Identifiable name of the ServiceAccount token. + /// If multiple ServiceAccount tokens use the same mount path, a generic name will be used + /// for the projected volume instead. pub name: String, - /// Path is the path relative to the mount point of the file to project the token into. + /// Path is the path relative to the mount point of the file to project the + /// token into. pub path: String, } @@ -2756,7 +3530,11 @@ pub struct CheClusterDevEnvironmentsStorage { /// PVC settings when using the `per-workspace` PVC strategy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "perWorkspaceStrategyPvcConfig")] pub per_workspace_strategy_pvc_config: Option, - /// Persistent volume claim strategy for the Che server. The supported strategies are: `per-user` (all workspaces PVCs in one volume), `per-workspace` (each workspace is given its own individual PVC) and `ephemeral` (non-persistent storage where local changes will be lost when the workspace is stopped.) + /// Persistent volume claim strategy for the Che server. + /// The supported strategies are: `per-user` (all workspaces PVCs in one volume), + /// `per-workspace` (each workspace is given its own individual PVC) + /// and `ephemeral` (non-persistent storage where local changes will be lost when + /// the workspace is stopped.) #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcStrategy")] pub pvc_strategy: Option, } @@ -2796,22 +3574,32 @@ pub enum CheClusterDevEnvironmentsStoragePvcStrategy { Ephemeral, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -2819,7 +3607,9 @@ pub struct CheClusterDevEnvironmentsTolerations { /// Trusted certificate settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsTrustedCerts { - /// The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/ The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/ + /// The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitTrustedCertsConfigMapName")] pub git_trusted_certs_config_map_name: Option, } @@ -2827,7 +3617,8 @@ pub struct CheClusterDevEnvironmentsTrustedCerts { /// User configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterDevEnvironmentsUser { - /// Additional ClusterRoles assigned to the user. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + /// Additional ClusterRoles assigned to the user. + /// The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] pub cluster_roles: Option>, } @@ -2852,7 +3643,8 @@ pub struct CheClusterGitServices { /// AzureDevOpsService enables users to work with repositories hosted on Azure DevOps Service (dev.azure.com). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesAzure { - /// Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services + /// Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services #[serde(rename = "secretName")] pub secret_name: String, } @@ -2860,10 +3652,14 @@ pub struct CheClusterGitServicesAzure { /// BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesBitbucket { - /// Bitbucket server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. + /// Bitbucket server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. + /// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. + /// See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + /// and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -2871,13 +3667,18 @@ pub struct CheClusterGitServicesBitbucket { /// GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesGithub { - /// Disables subdomain isolation. Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + /// Disables subdomain isolation. + /// Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation. + /// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableSubdomainIsolation")] pub disable_subdomain_isolation: Option, - /// GitHub server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + /// GitHub server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + /// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. + /// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -2885,10 +3686,13 @@ pub struct CheClusterGitServicesGithub { /// GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterGitServicesGitlab { - /// GitLab server endpoint URL. Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + /// GitLab server endpoint URL. + /// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + /// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. + /// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. #[serde(rename = "secretName")] pub secret_name: String, } @@ -2896,25 +3700,37 @@ pub struct CheClusterGitServicesGitlab { /// Networking, Che authentication, and TLS configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworking { - /// Defines annotations which will be set for an Ingress (a route for OpenShift platform). The defaults for kubernetes platforms are: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600", nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600", nginx.ingress.kubernetes.io/ssl-redirect: "true" + /// Defines annotations which will be set for an Ingress (a route for OpenShift platform). + /// The defaults for kubernetes platforms are: + /// kubernetes.io/ingress.class: "nginx" + /// nginx.ingress.kubernetes.io/proxy-read-timeout: "3600", + /// nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600", + /// nginx.ingress.kubernetes.io/ssl-redirect: "true" #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, /// Authentication settings. #[serde(default, skip_serializing_if = "Option::is_none")] pub auth: Option, - /// For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route. The generated hostname follows this pattern: che-.. The is the namespace where the CheCluster CRD is created. In conjunction with labels, it creates a route served by a non-default Ingress controller. For a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them. + /// For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route. + /// The generated hostname follows this pattern: che-.. The is the namespace where the CheCluster CRD is created. + /// In conjunction with labels, it creates a route served by a non-default Ingress controller. + /// For a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, /// The public hostname of the installed Che server. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// IngressClassName is the name of an IngressClass cluster resource. If a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation, `IngressClassName` field takes precedence. + /// IngressClassName is the name of an IngressClass cluster resource. + /// If a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation, + /// `IngressClassName` field takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] pub ingress_class_name: Option, /// Defines labels which will be set for an Ingress (a route for OpenShift platform). #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, - /// The name of the secret used to set up Ingress TLS termination. If the field is an empty string, the default cluster certificate is used. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + /// The name of the secret used to set up Ingress TLS termination. + /// If the field is an empty string, the default cluster certificate is used. + /// The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsSecretName")] pub tls_secret_name: Option, } @@ -2922,7 +3738,11 @@ pub struct CheClusterNetworking { /// Authentication settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuth { - /// Advance authorization settings. Determines which users and groups are allowed to access Che. User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che. + /// Advance authorization settings. Determines which users and groups are allowed to access Che. + /// User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list + /// and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. + /// If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. + /// if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che. #[serde(default, skip_serializing_if = "Option::is_none", rename = "advancedAuthorization")] pub advanced_authorization: Option, /// Gateway settings. @@ -2931,27 +3751,39 @@ pub struct CheClusterNetworkingAuth { /// Public URL of the Identity Provider server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityProviderURL")] pub identity_provider_url: Option, - /// Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. Default value is `id_token`. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + /// Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. + /// Default value is `id_token`. + /// This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityToken")] pub identity_token: Option, - /// Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. 0 means tokens for this client never time out. + /// Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + /// 0 means tokens for this client never time out. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthAccessTokenInactivityTimeoutSeconds")] pub o_auth_access_token_inactivity_timeout_seconds: Option, - /// Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. 0 means no expiration. + /// Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + /// 0 means no expiration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthAccessTokenMaxAgeSeconds")] pub o_auth_access_token_max_age_seconds: Option, /// Name of the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthClientName")] pub o_auth_client_name: Option, - /// Access Token Scope. This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + /// Access Token Scope. + /// This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthScope")] pub o_auth_scope: Option, - /// Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`. + /// Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + /// For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a + /// key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster` + /// resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oAuthSecret")] pub o_auth_secret: Option, } -/// Advance authorization settings. Determines which users and groups are allowed to access Che. User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che. +/// Advance authorization settings. Determines which users and groups are allowed to access Che. +/// User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list +/// and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. +/// If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. +/// if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthAdvancedAuthorization { /// List of groups allowed to access Che (currently supported in OpenShift only). @@ -2974,7 +3806,12 @@ pub struct CheClusterNetworkingAuthGateway { /// Gateway configuration labels. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configLabels")] pub config_labels: Option>, - /// Deployment override options. Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: - `gateway` - `configbump` - `oauth-proxy` - `kube-rbac-proxy` + /// Deployment override options. + /// Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: + /// - `gateway` + /// - `configbump` + /// - `oauth-proxy` + /// - `kube-rbac-proxy` #[serde(default, skip_serializing_if = "Option::is_none")] pub deployment: Option, /// Configuration for kube-rbac-proxy within the Che gateway pod. @@ -2988,7 +3825,12 @@ pub struct CheClusterNetworkingAuthGateway { pub traefik: Option, } -/// Deployment override options. Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: - `gateway` - `configbump` - `oauth-proxy` - `kube-rbac-proxy` +/// Deployment override options. +/// Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: +/// - `gateway` +/// - `configbump` +/// - `oauth-proxy` +/// - `kube-rbac-proxy` #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthGatewayDeployment { /// List of containers belonging to the pod. @@ -3024,7 +3866,15 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainers { pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -3038,10 +3888,12 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -3054,7 +3906,9 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFrom { pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3062,7 +3916,8 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromConfig pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -3073,7 +3928,8 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromFieldR pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -3091,7 +3947,9 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromResour pub struct CheClusterNetworkingAuthGatewayDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3121,10 +3979,14 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersResources { /// Describes the maximum amount of compute resources allowed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthGatewayDeploymentContainersResourcesLimits { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -3132,10 +3994,14 @@ pub struct CheClusterNetworkingAuthGatewayDeploymentContainersResourcesLimits { /// Describes the minimum amount of compute resources required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CheClusterNetworkingAuthGatewayDeploymentContainersResourcesRequest { - /// CPU, in cores. (500m = .5 cores) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// CPU, in cores. (500m = .5 cores) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) If the value is not specified, then the default value is set depending on the component. If value is `0`, then no value is set for the component. + /// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + /// If the value is not specified, then the default value is set depending on the component. + /// If value is `0`, then no value is set for the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, } @@ -3228,7 +4094,9 @@ pub struct CheClusterStatus { /// A brief CamelCase message indicating details about why the Che deployment is in the current phase. #[serde(default, skip_serializing_if = "Option::is_none")] pub reason: Option, - /// The resolved workspace base domain. This is either the copy of the explicitly defined property of the same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically resolved basedomain for routes. + /// The resolved workspace base domain. This is either the copy of the explicitly defined property of the + /// same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically + /// resolved basedomain for routes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "workspaceBaseDomain")] pub workspace_base_domain: Option, } diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs index f2bdf3d2c..10afce3fa 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs @@ -38,12 +38,16 @@ pub struct PerconaPGBackupStatus { pub backup_type: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub completed: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "crVersion")] + pub cr_version: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub destination: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "jobName")] pub job_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "latestRestorableTime")] + pub latest_restorable_time: Option, /// PGBackRestRepo represents a pgBackRest repository. Only one of its members may be specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub repo: Option, diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs index 4a992fbb5..ce4e351ad 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs @@ -120,6 +120,9 @@ pub struct PerconaPGClusterBackupsPgbackrest { /// https://pgbackrest.org/configuration.html #[serde(default, skip_serializing_if = "Option::is_none")] pub configuration: Option>, + /// Configuration for pgBackRest sidecar containers + #[serde(default, skip_serializing_if = "Option::is_none")] + pub containers: Option, /// Global pgBackRest configuration settings. These settings are included in the "global" /// section of the pgBackRest configuration generated by the PostgreSQL Operator, and then /// mounted under "/etc/pgbackrest/conf.d": @@ -150,7 +153,7 @@ pub struct PerconaPGClusterBackupsPgbackrest { /// Defines details for performing an in-place restore using pgBackRest #[serde(default, skip_serializing_if = "Option::is_none")] pub restore: Option, - /// Configuration for pgBackRest sidecar containers + /// Deprecated: Use Containers instead #[serde(default, skip_serializing_if = "Option::is_none")] pub sidecars: Option, } @@ -280,8 +283,12 @@ pub struct PerconaPGClusterBackupsPgbackrestConfigurationConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -377,8 +384,12 @@ pub struct PerconaPGClusterBackupsPgbackrestConfigurationSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -428,6 +439,103 @@ pub struct PerconaPGClusterBackupsPgbackrestConfigurationServiceAccountToken { pub path: String, } +/// Configuration for pgBackRest sidecar containers +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainers { + /// Defines the configuration for the pgBackRest sidecar container + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pgbackrest: Option, + /// Defines the configuration for the pgBackRest config sidecar container + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pgbackrestConfig")] + pub pgbackrest_config: Option, +} + +/// Defines the configuration for the pgBackRest sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrest { + /// Resource requirements for a sidecar container + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// Resource requirements for a sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Defines the configuration for the pgBackRest config sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestConfig { + /// Resource requirements for a sidecar container + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// Resource requirements for a sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestConfigResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestConfigResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// Jobs field allows configuration for all backup jobs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterBackupsPgbackrestJobs { @@ -2411,8 +2519,12 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSshConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2454,8 +2566,12 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSshSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -3740,7 +3856,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreTolerations { pub value: Option, } -/// Configuration for pgBackRest sidecar containers +/// Deprecated: Use Containers instead #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterBackupsPgbackrestSidecars { /// Defines the configuration for the pgBackRest sidecar container @@ -4729,8 +4845,12 @@ pub struct PerconaPGClusterDataSourcePgbackrestConfigurationConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -4826,8 +4946,12 @@ pub struct PerconaPGClusterDataSourcePgbackrestConfigurationSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6344,8 +6468,12 @@ pub struct PerconaPGClusterExtensionsStorageSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6395,8 +6523,12 @@ pub enum PerconaPGClusterImagePullPolicy { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6408,6 +6540,9 @@ pub struct PerconaPGClusterInstances { /// More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, + /// Configuration for instance default sidecar containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub containers: Option, /// Defines a PersistentVolumeClaim for PostgreSQL data. /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes #[serde(rename = "dataVolumeClaimSpec")] @@ -7173,6 +7308,57 @@ pub struct PerconaPGClusterInstancesAffinityPodAntiAffinityRequiredDuringSchedul pub values: Option>, } +/// Configuration for instance default sidecar containers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterInstancesContainers { + /// Defines the configuration for the replica cert copy sidecar container + #[serde(default, skip_serializing_if = "Option::is_none", rename = "replicaCertCopy")] + pub replica_cert_copy: Option, +} + +/// Defines the configuration for the replica cert copy sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterInstancesContainersReplicaCertCopy { + /// Resource requirements for a sidecar container + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// Resource requirements for a sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterInstancesContainersReplicaCertCopyResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterInstancesContainersReplicaCertCopyResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// Defines a PersistentVolumeClaim for PostgreSQL data. /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7577,8 +7763,12 @@ pub struct PerconaPGClusterInstancesInitContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7618,8 +7808,12 @@ pub struct PerconaPGClusterInstancesInitContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7645,8 +7839,12 @@ pub struct PerconaPGClusterInstancesInitContainersEnvFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterInstancesInitContainersEnvFromConfigMapRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -7658,8 +7856,12 @@ pub struct PerconaPGClusterInstancesInitContainersEnvFromConfigMapRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterInstancesInitContainersEnvFromSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -9022,8 +9224,12 @@ pub struct PerconaPGClusterInstancesSidecarsEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9063,8 +9269,12 @@ pub struct PerconaPGClusterInstancesSidecarsEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9090,8 +9300,12 @@ pub struct PerconaPGClusterInstancesSidecarsEnvFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterInstancesSidecarsEnvFromConfigMapRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -9103,8 +9317,12 @@ pub struct PerconaPGClusterInstancesSidecarsEnvFromConfigMapRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterInstancesSidecarsEnvFromSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -10993,6 +11211,9 @@ pub struct PerconaPGClusterProxyPgBouncer { /// More info: https://www.pgbouncer.org/usage.html#reload #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option, + /// Configuration for pgBouncer default sidecar containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub containers: Option, /// A secret projection containing a certificate and key with which to encrypt /// connections to PgBouncer. The "tls.crt", "tls.key", and "ca.crt" paths must /// be PEM-encoded certificates and keys. Changing this value causes PgBouncer @@ -11915,8 +12136,12 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFilesConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -12012,8 +12237,12 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFilesSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -12063,6 +12292,57 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFilesServiceAccountToken { pub path: String, } +/// Configuration for pgBouncer default sidecar containers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterProxyPgBouncerContainers { + /// Defines the configuration for the pgBouncer config sidecar container + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pgbouncerConfig")] + pub pgbouncer_config: Option, +} + +/// Defines the configuration for the pgBouncer config sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterProxyPgBouncerContainersPgbouncerConfig { + /// Resource requirements for a sidecar container + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// Resource requirements for a sidecar container +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterProxyPgBouncerContainersPgbouncerConfigResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaPGClusterProxyPgBouncerContainersPgbouncerConfigResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// A secret projection containing a certificate and key with which to encrypt /// connections to PgBouncer. The "tls.crt", "tls.key", and "ca.crt" paths must /// be PEM-encoded certificates and keys. Changing this value causes PgBouncer @@ -12080,8 +12360,12 @@ pub struct PerconaPGClusterProxyPgBouncerCustomTlsSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -12586,8 +12870,12 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -12627,8 +12915,12 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -12654,8 +12946,12 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFromConfigMapRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -12667,8 +12963,12 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFromConfigMapRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFromSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -13807,8 +14107,12 @@ pub struct PerconaPGClusterSecretsCustomReplicationTlsSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -13857,8 +14161,12 @@ pub struct PerconaPGClusterSecretsCustomTlsSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs index 489278a6f..37bcf05d3 100644 --- a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs @@ -43,11 +43,14 @@ pub struct AdminNetworkPolicySpec { /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ingress: Option>, - /// Priority is a value from 0 to 1000. Rules with lower priority values have - /// higher precedence, and are checked before rules with higher priority values. + /// Priority is a value from 0 to 1000. Policies with lower priority values have + /// higher precedence, and are checked before policies with higher priority values. /// All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or /// BaselineAdminNetworkPolicy rules - /// The behavior is undefined if two ANP objects have same priority. + /// Every AdminNetworkPolicy should have a unique priority value; if two (or more) + /// policies with the same priority could both match a connection, then the + /// implementation can apply any of the matching policies to the connection, and + /// there is no way for the user to reliably determine which one it will choose. /// /// /// Support: Core diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs index d8b45b168..f6ed7f7b0 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs @@ -7886,6 +7886,9 @@ pub struct PostgresClusterStatus { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterStatusInstances { + /// Desired Size of the pgData volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredPGDataVolume")] + pub desired_pg_data_volume: Option>, pub name: String, /// Total number of ready pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readyReplicas")] diff --git a/kube-custom-resources-rs/src/secrets_hashicorp_com/v1beta1/vaultauths.rs b/kube-custom-resources-rs/src/secrets_hashicorp_com/v1beta1/vaultauths.rs index 191ee93ea..dc613201b 100644 --- a/kube-custom-resources-rs/src/secrets_hashicorp_com/v1beta1/vaultauths.rs +++ b/kube-custom-resources-rs/src/secrets_hashicorp_com/v1beta1/vaultauths.rs @@ -7,15 +7,17 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; /// VaultAuthSpec defines the desired state of VaultAuth -#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq)] +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "secrets.hashicorp.com", version = "v1beta1", kind = "VaultAuth", plural = "vaultauths")] #[kube(namespaced)] #[kube(status = "VaultAuthStatus")] #[kube(schema = "disabled")] +#[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct VaultAuthSpec { /// AllowedNamespaces Kubernetes Namespaces which are allow-listed for use with this AuthMethod. @@ -48,9 +50,11 @@ pub struct VaultAuthSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, /// Method to use when authenticating to Vault. - pub method: VaultAuthMethod, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, /// Mount to use when authenticating to auth method. - pub mount: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mount: Option, /// Namespace to auth to in Vault #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -65,6 +69,9 @@ pub struct VaultAuthSpec { /// the label: cacheStorageEncryption=true #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageEncryption")] pub storage_encryption: Option, + /// VaultAuthGlobalRef. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vaultAuthGlobalRef")] + pub vault_auth_global_ref: Option, /// VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace, /// eg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to /// namespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the @@ -77,13 +84,13 @@ pub struct VaultAuthSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VaultAuthAppRole { /// RoleID of the AppRole Role to use for authenticating to Vault. - #[serde(rename = "roleId")] - pub role_id: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleId")] + pub role_id: Option, /// SecretRef is the name of a Kubernetes secret in the consumer's (VDS/VSS/PKI) namespace which /// provides the AppRole Role's SecretID. The secret must have a key named `id` which holds the /// AppRole Role's secretID. - #[serde(rename = "secretRef")] - pub secret_ref: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, } /// AWS specific auth configuration, requires that Method be set to `aws`. @@ -105,7 +112,8 @@ pub struct VaultAuthAws { #[serde(default, skip_serializing_if = "Option::is_none")] pub region: Option, /// Vault role to use for authenticating - pub role: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, /// SecretRef is the name of a Kubernetes Secret in the consumer's (VDS/VSS/PKI) namespace /// which holds credentials for AWS. Expected keys include `access_key_id`, `secret_access_key`, /// `session_token` @@ -135,13 +143,14 @@ pub struct VaultAuthGcp { #[serde(default, skip_serializing_if = "Option::is_none")] pub region: Option, /// Vault role to use for authenticating - pub role: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, /// WorkloadIdentityServiceAccount is the name of a Kubernetes service /// account (in the same Kubernetes namespace as the Vault*Secret referencing /// this resource) which has been configured for workload identity in GKE. /// Should be annotated with "iam.gke.io/gcp-service-account". - #[serde(rename = "workloadIdentityServiceAccount")] - pub workload_identity_service_account: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workloadIdentityServiceAccount")] + pub workload_identity_service_account: Option, } /// JWT specific auth configuration, requires that the Method be set to `jwt`. @@ -151,7 +160,8 @@ pub struct VaultAuthJwt { #[serde(default, skip_serializing_if = "Option::is_none")] pub audiences: Option>, /// Role to use for authenticating to Vault. - pub role: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, /// SecretRef is the name of a Kubernetes secret in the consumer's (VDS/VSS/PKI) namespace which /// provides the JWT token to authenticate to Vault's JWT authentication backend. The secret must /// have a key named `jwt` which holds the JWT token. @@ -173,11 +183,12 @@ pub struct VaultAuthKubernetes { #[serde(default, skip_serializing_if = "Option::is_none")] pub audiences: Option>, /// Role to use for authenticating to Vault. - pub role: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, /// ServiceAccount to use when authenticating to Vault's /// authentication backend. This must reside in the consuming secret's (VDS/VSS/PKI) namespace. - #[serde(rename = "serviceAccount")] - pub service_account: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, /// TokenExpirationSeconds to set the ServiceAccount token. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenExpirationSeconds")] pub token_expiration_seconds: Option, @@ -213,11 +224,97 @@ pub struct VaultAuthStorageEncryption { pub mount: String, } +/// VaultAuthGlobalRef. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VaultAuthVaultAuthGlobalRef { + /// MergeStrategy configures the merge strategy for HTTP headers and parameters + /// that are included in all Vault authentication requests. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mergeStrategy")] + pub merge_strategy: Option, + /// Name of the VaultAuthGlobal resource. + pub name: String, + /// Namespace of the VaultAuthGlobal resource. If not provided, the namespace of + /// the referring VaultAuth resource is used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// MergeStrategy configures the merge strategy for HTTP headers and parameters +/// that are included in all Vault authentication requests. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VaultAuthVaultAuthGlobalRefMergeStrategy { + /// Headers configures the merge strategy for HTTP headers that are included in + /// all Vault requests. Choices are `union`, `replace`, or `none`. + /// + /// + /// If `union` is set, the headers from the VaultAuthGlobal and VaultAuth + /// resources are merged. The headers from the VaultAuth always take precedence. + /// + /// + /// If `replace` is set, the first set of non-empty headers taken in order from: + /// VaultAuth, VaultAuthGlobal auth method, VaultGlobal default headers. + /// + /// + /// If `none` is set, the headers from the + /// VaultAuthGlobal resource are ignored and only the headers from the VaultAuth + /// resource are used. The default is `none`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option, + /// Params configures the merge strategy for HTTP parameters that are included in + /// all Vault requests. Choices are `union`, `replace`, or `none`. + /// + /// + /// If `union` is set, the parameters from the VaultAuthGlobal and VaultAuth + /// resources are merged. The parameters from the VaultAuth always take + /// precedence. + /// + /// + /// If `replace` is set, the first set of non-empty parameters taken in order from: + /// VaultAuth, VaultAuthGlobal auth method, VaultGlobal default parameters. + /// + /// + /// If `none` is set, the parameters from the VaultAuthGlobal resource are ignored + /// and only the parameters from the VaultAuth resource are used. The default is + /// `none`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub params: Option, +} + +/// MergeStrategy configures the merge strategy for HTTP headers and parameters +/// that are included in all Vault authentication requests. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum VaultAuthVaultAuthGlobalRefMergeStrategyHeaders { + #[serde(rename = "union")] + Union, + #[serde(rename = "replace")] + Replace, + #[serde(rename = "none")] + None, +} + +/// MergeStrategy configures the merge strategy for HTTP headers and parameters +/// that are included in all Vault authentication requests. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum VaultAuthVaultAuthGlobalRefMergeStrategyParams { + #[serde(rename = "union")] + Union, + #[serde(rename = "replace")] + Replace, + #[serde(rename = "none")] + None, +} + /// VaultAuthStatus defines the observed state of VaultAuth #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VaultAuthStatus { - pub error: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "specHash")] + pub spec_hash: Option, /// Valid auth mechanism. - pub valid: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub valid: Option, } diff --git a/kube-custom-resources-rs/src/security_istio_io/v1/authorizationpolicies.rs b/kube-custom-resources-rs/src/security_istio_io/v1/authorizationpolicies.rs index e8896e728..a6cc94a9e 100644 --- a/kube-custom-resources-rs/src/security_istio_io/v1/authorizationpolicies.rs +++ b/kube-custom-resources-rs/src/security_istio_io/v1/authorizationpolicies.rs @@ -177,11 +177,9 @@ pub struct AuthorizationPolicyTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -193,11 +191,9 @@ pub struct AuthorizationPolicyTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/security_istio_io/v1/requestauthentications.rs b/kube-custom-resources-rs/src/security_istio_io/v1/requestauthentications.rs index bbb02631a..d2f018931 100644 --- a/kube-custom-resources-rs/src/security_istio_io/v1/requestauthentications.rs +++ b/kube-custom-resources-rs/src/security_istio_io/v1/requestauthentications.rs @@ -82,11 +82,9 @@ pub struct RequestAuthenticationJwtRulesFromHeaders { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RequestAuthenticationJwtRulesOutputClaimToHeaders { /// The name of the claim to be copied from. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claim: Option, + pub claim: String, /// The name of the header to be created. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub header: Option, + pub header: String, } /// Optional. @@ -103,11 +101,9 @@ pub struct RequestAuthenticationTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -119,11 +115,9 @@ pub struct RequestAuthenticationTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/security_istio_io/v1beta1/authorizationpolicies.rs b/kube-custom-resources-rs/src/security_istio_io/v1beta1/authorizationpolicies.rs index 5f33c4ce6..2f7223572 100644 --- a/kube-custom-resources-rs/src/security_istio_io/v1beta1/authorizationpolicies.rs +++ b/kube-custom-resources-rs/src/security_istio_io/v1beta1/authorizationpolicies.rs @@ -177,11 +177,9 @@ pub struct AuthorizationPolicyTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -193,11 +191,9 @@ pub struct AuthorizationPolicyTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/security_istio_io/v1beta1/requestauthentications.rs b/kube-custom-resources-rs/src/security_istio_io/v1beta1/requestauthentications.rs index 2cadf0361..b0f55b077 100644 --- a/kube-custom-resources-rs/src/security_istio_io/v1beta1/requestauthentications.rs +++ b/kube-custom-resources-rs/src/security_istio_io/v1beta1/requestauthentications.rs @@ -82,11 +82,9 @@ pub struct RequestAuthenticationJwtRulesFromHeaders { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RequestAuthenticationJwtRulesOutputClaimToHeaders { /// The name of the claim to be copied from. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claim: Option, + pub claim: String, /// The name of the header to be created. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub header: Option, + pub header: String, } /// Optional. @@ -103,11 +101,9 @@ pub struct RequestAuthenticationTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -119,11 +115,9 @@ pub struct RequestAuthenticationTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/scheduledsparkapplications.rs b/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/scheduledsparkapplications.rs index a37596c7d..25ae66cff 100644 --- a/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/scheduledsparkapplications.rs +++ b/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/scheduledsparkapplications.rs @@ -561,6 +561,8 @@ pub struct ScheduledSparkApplicationTemplateDriverInitContainers { pub readiness_probe: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] @@ -2216,6 +2218,8 @@ pub struct ScheduledSparkApplicationTemplateExecutorInitContainers { pub readiness_probe: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] diff --git a/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/sparkapplications.rs b/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/sparkapplications.rs index ffc72eee5..27e3aea2a 100644 --- a/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/sparkapplications.rs +++ b/kube-custom-resources-rs/src/sparkoperator_k8s_io/v1beta2/sparkapplications.rs @@ -547,6 +547,8 @@ pub struct SparkApplicationDriverInitContainers { pub readiness_probe: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] @@ -2202,6 +2204,8 @@ pub struct SparkApplicationExecutorInitContainers { pub readiness_probe: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] diff --git a/kube-custom-resources-rs/src/telemetry_istio_io/v1/telemetries.rs b/kube-custom-resources-rs/src/telemetry_istio_io/v1/telemetries.rs index 5eaf4fff6..c099fb8d5 100644 --- a/kube-custom-resources-rs/src/telemetry_istio_io/v1/telemetries.rs +++ b/kube-custom-resources-rs/src/telemetry_istio_io/v1/telemetries.rs @@ -212,11 +212,9 @@ pub struct TelemetryTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -228,11 +226,9 @@ pub struct TelemetryTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/telemetry_istio_io/v1alpha1/telemetries.rs b/kube-custom-resources-rs/src/telemetry_istio_io/v1alpha1/telemetries.rs index 171e943f9..44a222e80 100644 --- a/kube-custom-resources-rs/src/telemetry_istio_io/v1alpha1/telemetries.rs +++ b/kube-custom-resources-rs/src/telemetry_istio_io/v1alpha1/telemetries.rs @@ -212,11 +212,9 @@ pub struct TelemetryTargetRef { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -228,11 +226,9 @@ pub struct TelemetryTargetRefs { #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// kind is kind of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: String, /// name is the name of the target resource. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// namespace is the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, diff --git a/kube-custom-resources-rs/src/tests_testkube_io/v1/testexecutions.rs b/kube-custom-resources-rs/src/tests_testkube_io/v1/testexecutions.rs index 8514d2c4e..b13f75ecb 100644 --- a/kube-custom-resources-rs/src/tests_testkube_io/v1/testexecutions.rs +++ b/kube-custom-resources-rs/src/tests_testkube_io/v1/testexecutions.rs @@ -49,6 +49,9 @@ pub struct TestExecutionExecutionRequest { /// cron job template extensions #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplate")] pub cron_job_template: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// config map references #[serde(default, skip_serializing_if = "Option::is_none", rename = "envConfigMaps")] pub env_config_maps: Option>, diff --git a/kube-custom-resources-rs/src/tests_testkube_io/v1/testsuiteexecutions.rs b/kube-custom-resources-rs/src/tests_testkube_io/v1/testsuiteexecutions.rs index 0b56c87ca..7ebc23827 100644 --- a/kube-custom-resources-rs/src/tests_testkube_io/v1/testsuiteexecutions.rs +++ b/kube-custom-resources-rs/src/tests_testkube_io/v1/testsuiteexecutions.rs @@ -351,6 +351,9 @@ pub struct TestSuiteExecutionStatusLatestExecutionExecuteStepResultsExecuteExecu /// TestContent defines test content #[serde(default, skip_serializing_if = "Option::is_none")] pub content: Option, + /// whether webhooks should be disabled for this execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// test duration #[serde(default, skip_serializing_if = "Option::is_none")] pub duration: Option, @@ -933,6 +936,9 @@ pub struct TestSuiteExecutionStatusLatestExecutionStepResultsExecution { /// TestContent defines test content #[serde(default, skip_serializing_if = "Option::is_none")] pub content: Option, + /// whether webhooks should be disabled for this execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// test duration #[serde(default, skip_serializing_if = "Option::is_none")] pub duration: Option, diff --git a/kube-custom-resources-rs/src/tests_testkube_io/v3/tests.rs b/kube-custom-resources-rs/src/tests_testkube_io/v3/tests.rs index 7401bb9c1..db1b7435c 100644 --- a/kube-custom-resources-rs/src/tests_testkube_io/v3/tests.rs +++ b/kube-custom-resources-rs/src/tests_testkube_io/v3/tests.rs @@ -166,6 +166,9 @@ pub struct TestExecutionRequest { /// name of the template resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplateReference")] pub cron_job_template_reference: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// config map references #[serde(default, skip_serializing_if = "Option::is_none", rename = "envConfigMaps")] pub env_config_maps: Option>, diff --git a/kube-custom-resources-rs/src/tests_testkube_io/v3/testsuites.rs b/kube-custom-resources-rs/src/tests_testkube_io/v3/testsuites.rs index a4adefaf1..d09d01032 100644 --- a/kube-custom-resources-rs/src/tests_testkube_io/v3/testsuites.rs +++ b/kube-custom-resources-rs/src/tests_testkube_io/v3/testsuites.rs @@ -104,6 +104,9 @@ pub struct TestSuiteAfterExecuteExecutionRequest { /// cron job template extensions reference #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplateReference")] pub cron_job_template_reference: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// test execution labels #[serde(default, skip_serializing_if = "Option::is_none", rename = "executionLabels")] pub execution_labels: Option>, @@ -323,6 +326,9 @@ pub struct TestSuiteBeforeExecuteExecutionRequest { /// cron job template extensions reference #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplateReference")] pub cron_job_template_reference: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// test execution labels #[serde(default, skip_serializing_if = "Option::is_none", rename = "executionLabels")] pub execution_labels: Option>, @@ -488,6 +494,9 @@ pub struct TestSuiteExecutionRequest { /// name of the template resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplateReference")] pub cron_job_template_reference: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// execution labels #[serde(default, skip_serializing_if = "Option::is_none", rename = "executionLabels")] pub execution_labels: Option>, @@ -691,6 +700,9 @@ pub struct TestSuiteStepsExecuteExecutionRequest { /// cron job template extensions reference #[serde(default, skip_serializing_if = "Option::is_none", rename = "cronJobTemplateReference")] pub cron_job_template_reference: Option, + /// whether webhooks should be called on execution + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableWebhooks")] + pub disable_webhooks: Option, /// test execution labels #[serde(default, skip_serializing_if = "Option::is_none", rename = "executionLabels")] pub execution_labels: Option>, diff --git a/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutes.rs b/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutes.rs index 120e2a419..e5870bc17 100644 --- a/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutes.rs +++ b/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutes.rs @@ -80,7 +80,7 @@ pub struct IngressRouteRoutesMiddlewares { /// Service defines an upstream HTTP service to proxy traffic to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IngressRouteRoutesServices { - /// Healthcheck defines health checks for the service. + /// Healthcheck defines health checks for ExternalName services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, /// Kind defines the kind of the Service. @@ -138,37 +138,47 @@ pub struct IngressRouteRoutesServices { pub weight: Option, } -/// Healthcheck defines health checks for the service. +/// Healthcheck defines health checks for ExternalName services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IngressRouteRoutesServicesHealthCheck { - #[serde(rename = "followRedirects")] - pub follow_redirects: bool, + /// FollowRedirects defines whether redirects should be followed during the health check calls. + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// Headers defines custom headers to be sent to the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, + /// Hostname defines the value of hostname in the Host header of the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Interval defines the frequency of the health check calls. + /// Default: 30s #[serde(default, skip_serializing_if = "Option::is_none")] - pub interval: Option, + pub interval: Option, + /// Method defines the healthcheck method. #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, + /// Mode defines the health check mode. + /// If defined to grpc, will use the gRPC health check protocol to probe the server. + /// Default: http #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Path defines the server URL path for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, + /// Port defines the server URL port for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// Scheme replaces the server URL scheme for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, + /// Status defines the expected HTTP status code of the response to the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + /// Default: 5s #[serde(default, skip_serializing_if = "Option::is_none")] - pub timeout: Option, + pub timeout: Option, } /// Service defines an upstream HTTP service to proxy traffic to. diff --git a/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs b/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs index c6b4aaf15..3bcd0424e 100644 --- a/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs +++ b/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs @@ -30,7 +30,7 @@ pub struct TraefikServiceSpec { /// Mirroring defines the Mirroring service configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceMirroring { - /// Healthcheck defines health checks for the service. + /// Healthcheck defines health checks for ExternalName services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, /// Kind defines the kind of the Service. @@ -96,37 +96,47 @@ pub struct TraefikServiceMirroring { pub weight: Option, } -/// Healthcheck defines health checks for the service. +/// Healthcheck defines health checks for ExternalName services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceMirroringHealthCheck { - #[serde(rename = "followRedirects")] - pub follow_redirects: bool, + /// FollowRedirects defines whether redirects should be followed during the health check calls. + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// Headers defines custom headers to be sent to the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, + /// Hostname defines the value of hostname in the Host header of the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Interval defines the frequency of the health check calls. + /// Default: 30s #[serde(default, skip_serializing_if = "Option::is_none")] - pub interval: Option, + pub interval: Option, + /// Method defines the healthcheck method. #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, + /// Mode defines the health check mode. + /// If defined to grpc, will use the gRPC health check protocol to probe the server. + /// Default: http #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Path defines the server URL path for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, + /// Port defines the server URL port for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// Scheme replaces the server URL scheme for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, + /// Status defines the expected HTTP status code of the response to the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + /// Default: 5s #[serde(default, skip_serializing_if = "Option::is_none")] - pub timeout: Option, + pub timeout: Option, } /// Mirroring defines the Mirroring service configuration. @@ -139,7 +149,7 @@ pub enum TraefikServiceMirroringKind { /// MirrorService holds the mirror configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceMirroringMirrors { - /// Healthcheck defines health checks for the service. + /// Healthcheck defines health checks for ExternalName services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, /// Kind defines the kind of the Service. @@ -201,37 +211,47 @@ pub struct TraefikServiceMirroringMirrors { pub weight: Option, } -/// Healthcheck defines health checks for the service. +/// Healthcheck defines health checks for ExternalName services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceMirroringMirrorsHealthCheck { - #[serde(rename = "followRedirects")] - pub follow_redirects: bool, + /// FollowRedirects defines whether redirects should be followed during the health check calls. + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// Headers defines custom headers to be sent to the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, + /// Hostname defines the value of hostname in the Host header of the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Interval defines the frequency of the health check calls. + /// Default: 30s #[serde(default, skip_serializing_if = "Option::is_none")] - pub interval: Option, + pub interval: Option, + /// Method defines the healthcheck method. #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, + /// Mode defines the health check mode. + /// If defined to grpc, will use the gRPC health check protocol to probe the server. + /// Default: http #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Path defines the server URL path for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, + /// Port defines the server URL port for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// Scheme replaces the server URL scheme for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, + /// Status defines the expected HTTP status code of the response to the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + /// Default: 5s #[serde(default, skip_serializing_if = "Option::is_none")] - pub timeout: Option, + pub timeout: Option, } /// MirrorService holds the mirror configuration. @@ -344,7 +364,7 @@ pub struct TraefikServiceWeighted { /// Service defines an upstream HTTP service to proxy traffic to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceWeightedServices { - /// Healthcheck defines health checks for the service. + /// Healthcheck defines health checks for ExternalName services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, /// Kind defines the kind of the Service. @@ -402,37 +422,47 @@ pub struct TraefikServiceWeightedServices { pub weight: Option, } -/// Healthcheck defines health checks for the service. +/// Healthcheck defines health checks for ExternalName services. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TraefikServiceWeightedServicesHealthCheck { - #[serde(rename = "followRedirects")] - pub follow_redirects: bool, + /// FollowRedirects defines whether redirects should be followed during the health check calls. + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// Headers defines custom headers to be sent to the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, + /// Hostname defines the value of hostname in the Host header of the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Interval defines the frequency of the health check calls. + /// Default: 30s #[serde(default, skip_serializing_if = "Option::is_none")] - pub interval: Option, + pub interval: Option, + /// Method defines the healthcheck method. #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, + /// Mode defines the health check mode. + /// If defined to grpc, will use the gRPC health check protocol to probe the server. + /// Default: http #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Path defines the server URL path for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, + /// Port defines the server URL port for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// Scheme replaces the server URL scheme for the health check endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, + /// Status defines the expected HTTP status code of the response to the health check request. #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, - /// Duration is a custom type suitable for parsing duration values. - /// It supports `time.ParseDuration`-compatible values and suffix-less digits; in - /// the latter case, seconds are assumed. + /// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + /// Default: 5s #[serde(default, skip_serializing_if = "Option::is_none")] - pub timeout: Option, + pub timeout: Option, } /// Service defines an upstream HTTP service to proxy traffic to. diff --git a/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/instancesets.rs b/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/instancesets.rs index 8f9053498..0f4802f45 100644 --- a/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/instancesets.rs +++ b/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/instancesets.rs @@ -264,22 +264,15 @@ pub struct InstanceSetInstances { pub labels: Option>, /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. This name is constructed by concatenating the component's name, the template's name, and the instance's ordinal using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. The specified name overrides any default naming conventions or patterns. pub name: String, - /// Specifies the name of the node where the Pod should be scheduled. If set, the Pod will be directly assigned to the specified node, bypassing the Kubernetes scheduler. This is useful for controlling Pod placement on specific nodes. - /// Important considerations: - `nodeName` bypasses default scheduling constraints (e.g., resource requirements, node selectors, affinity rules). - It is the user's responsibility to ensure the node is suitable for the Pod. - If the node is unavailable, the Pod will remain in "Pending" state until the node is available or the Pod is deleted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// Defines NodeSelector to override. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, /// Specifies the number of instances (Pods) to create from this InstanceTemplate. This field allows setting how many replicated instances of the component, with the specific overrides in the InstanceTemplate, are created. The default value is 1. A value of 0 disables instance creation. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, /// Specifies an override for the resource requirements of the first container in the Pod. This field allows for customizing resource allocation (CPU, memory, etc.) for the container. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Tolerations specifies a list of tolerations to be applied to the Pod, allowing it to tolerate node taints. This field can be used to add new tolerations or override existing ones. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, /// Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, @@ -394,9 +387,440 @@ pub struct InstanceSetInstancesResourcesClaims { pub name: String, } +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, the scheduler simply schedules this Pod onto that node, assuming that it fits resource requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. Selector which must match a node's labels for the Pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. Each toleration in the array allows the Pod to tolerate node taints based on specified `key`, `value`, `effect`, and `operator`. + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - The `operator` determines how the toleration matches the taint. + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology domains. Scheduler will schedule Pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct InstanceSetInstancesTolerations { +pub struct InstanceSetInstancesSchedulingPolicyTolerations { /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, @@ -414,6 +838,63 @@ pub struct InstanceSetInstancesTolerations { pub value: Option, } +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceSetInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// PersistentVolumeClaim is a user's request for and claim to a persistent volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceSetInstancesVolumeClaimTemplates {